What is it?

A plan that allows an organization to remain operational at acceptable, predefined levels of operation despite disruptions resulting from human, technical, or natural causes.

Why is it important?

With more and more companies becoming heavily reliant on data to drive decisions, any loss of that data -- even short-term -- can bring business to a halt and have dire effects on the bottom line.

...continue reading "Term of the Week: Business Continuity Plan"

What is it?

A systematic process by which an organization gathers information about its essential business functions and processes and evaluates the potential impact to the organization if those functions and processes were interrupted or otherwise adversely affected. Also referred to as a business impact analysis.

Why is it important?

A business impact assessment helps organizations prioritize the allocation of time and resources to prevent, manage, and recover from incidents that affect critical business operations and assets. It also provides information to help create an incident response plan and a business continuity plan.

...continue reading "Term of the Week: Business Impact Assessment (BIA)"

What is it?

A process for defining, identifying, classifying, and prioritizing potential weaknesses in an organization’s computer, network, and communications infrastructure, also known as vulnerability analysis or security assessment.

Why is it important?

When conducted correctly, results from a vulnerability assessment can be used to define or update an organization’s internal and external network as well as its information security policies.

...continue reading "Term of the Week: Vulnerability Assessment"

What is it?

Controls to ensure that software applications are developed and operated in accordance with an organization’s requirements and risk tolerance levels (NIST 2017).

Why is it important?

Application risk governance provides a framework to ensure an appropriate balance between security and operations.

...continue reading "Term of the Week: Application Risk Governance"

What is it?

A combination of three approaches that organizations use to demonstrate compliance with international standards, global rules, laws, and state regulations. Referred to as IT GRC when a company uses information technology (IT) to apply GRC.

Why is it important?

Governance, risk management, compliance (GRC) is often implemented by companies that are growing globally to maintain consistent policies, processes, and procedures across all parts of the organization. It is important for business professionals to understand and follow the internal information security rules, company risk factors, and industry requirements that drive the implementation of GRC in order to ensure that the company as a whole remains compliant.

...continue reading "Term of the Week: Governance, Risk Management, Compliance (GRC)"

What is it?

The act or process of making a network, data repository, sensor, computer system, software, or other equipment resistant to unauthorized access or damage.

Why is it important?

Unauthorized access is one of the primary catalysts for operational, financial, strategic, legal, and other damage to an organization. These breaches also increase the risk of harm to third parties, including customers, patients, and other stakeholders. Hardening hardware, software, and data systems is a key risk mitigation strategy.

...continue reading "Term of the Week: Hardening"

The Language of Cybersecurity has received a 2018 STC Touchstone award for excellence from the Northern California Chapters of the Society for Technical Communication.

The citation for this honor highlights the usefulness of the references, the crispness of the writing, and the consistency of its format.

Congratulations to editor Tonie Flores and the 60+ industry experts who contributed to this book.

What is it?

The practice of isolating malware, or software that is suspected to contain malware, within a contained or quarantined environment to observe and study its communications, infection vectors, and other behavioral heuristics.

Why is it important?

Sandboxing allows security researchers to investigate malware execution, heuristics, and communications within an isolated environment and aids in the development of indicators of compromise (IOC) and anti-malware signatures.

...continue reading "Term of the Week: Sandboxing"

What is it?

The process of encoding a message or information in such a way that only authorized parties can read it.

Why is it important?

Encryption is important to our personal, business, community, and national security. Criminals, competitors, or hostile governments may seek to exploit weak or non-existent encryption to hack systems or steal data. Strong, well-managed encryption renders content unreadable to anyone who does not have authorized access.

...continue reading "Term of the Week: Encryption"

What is it?

A network security system built into hardware or software that monitors network traffic and controls incoming and outgoing traffic based on a set of rules.

Why is it important?

Firewalls enable system administrators to monitor and control network traffic coming into and out of their systems. Firewalls provide a first line of defense against network-based cybersecurity attacks. They are also used to censor information by blocking traffic to and from certain sites.

...continue reading "Term of the Week: Firewall"