- January 10, 2017
IT Cheat Sheet: Cybersecurity
CyberSecurity is protecting an organization’s IT infrastructure, data, and intellectual property from “bad guys”. This involves securing the infrastructure against penetration attempts, and ensuring an organization’s data and intellectual property are not stolen, tampered with, or held for ransom. There are several key areas within CyberSecurity:
- Network Security
- Data Center Security
- Data Security
- Application Security
- Device Security
- Secure/Defensive Programming
- Security Awareness
Failure to secure an organization’s assets can have serious to catastrophic consequences. Organizations can face loss of customers and business, public embarrassment, inability to conduct business, and even a negative effect on their financial position.
Examples that highlight the importance of implementing effective CyberSecurity practices include:
- There have been a number of high-profile attacks in retail including Target and Home Depot. In both cases criminals were able to penetrate the organization’s IT infrastructure and steal large quantities of customer records, including personally identifiable information (PII) that could be used for identity theft, as well as credit card data that could be used to make fraudulent purchases. Both companies suffered loss of face and loss of customers. It cost each company millions of dollars to remedy the situation and to provide credit monitoring services to the affected customers.
- The US Department of Homeland Security, despite being in charge of CyberSecurity for the US, was hacked and had 5 million fingerprint files stolen.
- Skillsoft’s security team is constantly monitoring our IT environment and our customers’ use of our products. On an average day, there may be several hundred attempts to unlawfully access our systems. Failure to protect our environment and to protect our customers’ data would result in a loss of customer confidence in Skillsoft. If the breach was major, it could result in our customers leaving us for another provider that they believe is more secure.
Although CyberSecurity is every employee’s responsibility in an organization, IT “owns” CyberSecurity. IT’s ownership stems primarily from the fact that IT houses all of an organization’s data, and manages the infrastructure that not only provides access to authorized employees, but is the channel that the bad guys will use to try to attack the organization. CyberSecurity is “job number one” at IT organizations, as they are on the front line in the fight to defend the organization’s assets. It doesn’t matter what a person does in IT – infrastructure, networks, cloud, big data, applications development, help desk, etc. – security has to be considered in everything they do.
In many organizations, CyberSecurity is a C-level function through a Chief Security Officer (CSO). In other organizations, CyberSecurity is handled through a team that reports directly to the Chief Information Officer (CIO). Other security titles include:
- Security Analyst
- Security Specialist
- Security Manager
- Ethical Hacker (also called “White Hat” Hacker – the good guys wear white hats, the bad guys black hats)
There are many skills important to successful CyberSecurity initiatives:
- Understanding the key threats – The IT department needs to understand the various kinds of security threats and risks.
- Understanding how to make the company more secure – There are many factors to consider when implementing robust CyberSecurity systems and policies at a company, including how to make networks and infrastructure more secure, how to develop secure applications, and how to secure devices in the event of misuse, loss, etc.
- How to create, implement, and enforce CyberSecurity policy documents – It is vital that a company creates, implements, and enforces CyberSecurity policies. These will not only help keep the company more secure, but they are also valuable documents to help prove the company was doing its best to be secure. There have been lawsuits from customers, shareholders, etc. seeking damages for security breaches, as well as investigations by government authorities. Having the policies in place provides a key line of legal defense.
- Project Management – The most successful CyberSecurity teams don’t just react to threats as they occur – they methodically plan and implement systems to protect the company now and in the future. That requires strong project management skills.
- Is CyberSecurity one of the key priorities for your IT organization?
- How many full-time CyberSecurity professionals do you currently employ?
- Do you have the staff and skills you need today to keep your company’s information assets secure?
- Are you having trouble hiring additional CyberSecurity talent?
- Do you encourage or require certifications for CyberSecurity? If so, which ones? Security+, CISSP, others?
Skillsoft provides a range of content to support all of the skills described in the previous sections. Here are some tips for finding the right content to show to your customer/prospect:
- Playlists on IT demo advanced group on demo8 – This is where you should start!! There is a folder in the Playlists section called “CyberSecurity”. You will find a number of CyberSecurity playlists that highlight our best CyberSecurity content, and the content is presented in the order a learner should take it. The playlists also include multiple modalities including videos, books, video-based courses, mentoring, and Virtual Practice Labs. A number of certifications are also covered. If you asked the questions suggested earlier, you can select the playlists that most closely align with their needs.
- Browse – To find CyberSecurity content in Browse Views, go to Browse > IT Skills > Security. From here you would click on the appropriate sub-topic based on the questions you asked earlier. As you go through the Browse views, make sure you point out how we are presenting the latest content at each step. We are all about “content discovery”, not “searching”.
  - Computer Crime and Forensics
  - Security Accreditations and Best Practice
  - Software Development Security
  - Mobile Device Security
- Search – You can easily search on specific CyberSecurity technologies, but you may get a large number of assets returned without a clear indication of what you should take and what order you should take it in. If you use search, try to use advanced searching techniques to narrow the number of search results. For instance, instead of searching on “security” or “defensive programming”, search on “C++ Defensive Programming” to get a targeted list of assets.
If you find a course, click the Related Items link to see if the course is part of a course series. Related Items will also show how the asset is categorized, and you can click the displayed category links to see if there is more related content. If the course is part of a course series, click the course series to show all the relevant courses presented in the order they should be taken.
This article was originally published by Skillsoft.