What is it all about?
In cyber security there are 3 fundamental goals:
- Confidentiality: any information you hold should be kept confidential, particularly if it relates to an employee, a customer, or financial transactions. Such information should be accessible only to the people and systems that the data owner (typically you) has given permission to access it.
- Integrity: whatever the information is, it needs to be complete, unmodified and uncorrupted. Information that has lost its integrity cannot be relied on, even if it is kept confidential.
- Availability: information should be available to those who are authorised to access it, and it must be undamaged. Information that has been encrypted with a key the authorised person does not know may still have integrity, and its confidentiality may be maintained, but if that authorised person cannot access it, it is of no use at all.
How to meet the fundamental goals
Achieving and then maintaining these fundamental goals is an ongoing process that requires people, processes and technology. To that end it’s important that:
- You know what assets (information or physical) you need to secure (the business systems that are of value to, or owned by, the business)
- You determine the risks to those assets or to your business, where a risk is based upon a vulnerability and the likelihood of it being exploited
- You put safeguards in place that deal with the risks you have identified
- You keep an eye on your safeguards and assets, monitoring them to make sure they work and remain relevant
- You handle cyber issues as they occur, responding quickly to limit the damage
- You adjust and update the safeguards as needed, relative to new or changing risks to your assets or systems
This is an ongoing process.