Cybersecurity
the "preservation of confidentiality, integrity and availability of information in the Cyberspace"
Cyberspace
the complex environment resulting from the interaction of people, software and services on the Internet
by means of technology devices and networks connected to it, which ...
the "preservation of confidentiality, integrity and availability of information in the Cyberspace"
Cyberspace
the complex environment resulting from the interaction of people, software and services on the Internet
by means of technology devices and networks connected to it, which does not exist in any physical form
NIST Cybersecurity Framework
Identify—Use organizational understanding to minimize risk to systems, assets, data and capabilities.
Protect—Design safeguards to limit the impact of potential events on critical services and infrastructure.
Detect—Implement activities to identify the occurrence of a cybersecurity event.
Respond—Take appropriate action after learning of a security event.
Recover—Plan for resilience and the timely repair of compromised capabilities and services.
Lines of Defense
The first line is ownership, implementation and execution.
The second line is risk management, including monitoring/measurement.
The third line is independent testing and assurance.
The objectives of a cybersecurity audit are to:
Provide management with an independent assessment of the effectiveness of cybersecurity processes,
policies, procedures, governance and other controls
Identify security control concerns that could affect the confidentiality, integrity or availability of the
information assets due to weaknesses and vulnerabilities in the system of internal controls, including
key security controls
Evaluate the effectiveness of response and recovery programs
, Evaluate compliance with cybersecurity relevant laws and regulations
Governance
the responsibility of the board of directors and senior management of the enterprise.
Goals of a governance program
•Provide strategic direction
•Ensure that objectives are achieved
•Ascertain whether risk is being managed appropriately
•Verify that the enterprise's resources are being used responsibly
Risk Management
involves the coordination of activities that direct and control an enterprise regarding risk. Requires the
development and implementation of internal controls to manage and mitigate risk throughout the
enterprise, including financial, operational, reputational, investment, physical security and cybersecurity
risk.
Compliance
involves not only adhering to mandated requirements defined by laws and regulations, but also
demonstrating that adherence. Often extends to voluntary requirements resulting from contractual
obligations and internal policies.
Confidentiality
the protection of information from unauthorized access or disclosure. Different types of information
require different levels of confidentiality, and the need for confidentiality can change over time.
Personal, financial and medical information require a higher degree of confidentiality than publicly
available information. Similarly, some enterprises need to protect information on competitive products
(e.g., business strategies, marketing information, intellectual property).
Integrity
the protection of information from unauthorized modification. The concept of integrity also applies to
electronic messaging, files, software and configurations.
Availability
ensures the timely and reliable access to and use of information and systems. Includes safeguards to
make sure data are not accidentally or maliciously deleted. This is particularly important with mission-
critical systems because any interruptions in availability can result in significant loss of productivity and
revenue. Similarly, the loss of data can impact management's ability to make effective decisions and
responses. Can be protected by the use of redundancy, backups, and implementation of business
continuity management and planning.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller THEEXCELLENCELIBRARY. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $14.99. You're not tied to anything after your purchase.
