Cybersecurity
Here's an overview of what to do in cybersecurity:
Identify and understand risks
- Conduct risk analyses to see which threats are most likely and serious.
- Identify vulnerabilities in systems, networks, and processes.
- Classify information by how sensitive it is and what protection it needs (confidentiality, integrity, availability).
Protect and prevent
- Install and configure firewalls, antivirus, EDR (Endpoint Detection & Response).
- Enforce access controls (IAM) – the right person gets the right access at the right time, and no more than that (least privilege).
- Encryption of data at rest and in transit.
- Secure Development (Secure SDLC) – build security in right from the start.
Detect and monitor
- Use Security Information and Event Management (SIEM) systems for log and event analysis.
- Real-time monitoring to detect intrusion attempts or anomalous behavior.
- Penetration tests and vulnerability scans to find weaknesses before an attacker does.
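The SIEM and monitoring bullets above amount to running detection logic over logs. The following is an added example, not code from the original page: a small brute-force detector for sshd authentication lines that flags a source IP with five or more failed logins inside one minute and notes whether a successful login followed (the pattern that turns a noisy scan into an incident worth responding to). The log lines, the threshold, the window and the assumed year are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd syslog lines (not real data). The year is not
# part of the syslog timestamp, so the parser assumes one; see note below.
SAMPLE_LOG = """\
Mar 10 09:12:01 web1 sshd[2310]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 09:12:03 web1 sshd[2311]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 10 09:12:04 web1 sshd[2312]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 10 09:12:06 web1 sshd[2313]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Mar 10 09:12:08 web1 sshd[2314]: Failed password for root from 203.0.113.7 port 51242 ssh2
Mar 10 09:12:15 web1 sshd[2315]: Accepted password for deploy from 203.0.113.7 port 51250 ssh2
Mar 10 09:20:00 web1 sshd[2400]: Failed password for alice from 198.51.100.23 port 40001 ssh2
Mar 10 09:20:40 web1 sshd[2401]: Accepted publickey for alice from 198.51.100.23 port 40002 ssh2
"""

# Matches both "Failed password for root ..." and "Failed password for invalid user admin ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd auth line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return one alert per source IP that produced >= threshold failures
    within `window`. The alert records the usernames tried and the user of
    the first successful login after the burst, if any (the serious case)."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        start = 0
        # Sliding window over the failure timestamps; advance `start` until
        # the window [start, end] fits inside `window`.
        for end in range(len(failures)):
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                last_fail = failures[end]["ts"]
                success = next(
                    (e for e in evs if e["result"] == "Accepted" and e["ts"] >= last_fail),
                    None,
                )
                alerts.append({
                    "ip": ip,
                    "failures": end - start + 1,
                    "users": sorted({e["user"] for e in failures[start:end + 1]}),
                    "followed_by_success": success["user"] if success else None,
                })
                break  # one alert per IP is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Run against the constructed lines it raises one alert: 203.0.113.7 with five failures across the users admin, oracle and root, followed by a successful password login as deploy; the single failure from 198.51.100.23 stays below the threshold. Two caveats a practitioner would add: syslog timestamps carry no year, so a log that spans New Year needs the year taken from the collector rather than assumed, and the "followed by success" check should be tightened to the same username or a short interval in production, otherwise an unrelated legitimate login from a shared NAT address will look like a compromise.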
Respond and handle incidents
- Follow an Incident Response Plan (IRP).
- Isolate compromised systems to prevent spread.
- Investigate and document what happened (digital forensics).
- Communicate with stakeholders and report according to legal requirements (e.g. GDPR, NIS2).
Restore and improve
- Restore data and services from backup.
- Implement lessons learned to close security gaps.
- Update processes and systems so that the same attack is unlikely to succeed again.
Educate and create security awareness
- Train users to recognize phishing, manage passwords and browse safely.
- Run incident exercises with staff (e.g. tabletop exercises).
- Ensure that management understands security risks and business impacts.
A simple rule of thumb is that cybersecurity always revolves around the CIA triad:
- Confidentiality – only the right people can see the information.
- Integrity – the information is accurate and unchanged.
- Availability – information and systems are available when needed.