Cybersecurity Posture
CSIGRC
What you know, What you have, What you are
A security assessment is based on the following three pillars: what you know, what you have, and what you are.
Passwords are what only you know. Knowledge of a secret that only you hold helps the authentication system check whether the person claiming to be you is really you!
Passwords can easily be forgotten or hacked, so as the 2nd line of defence, 2-factor authentication, such as a code, is what you have.
However, it’s quite normal for people to forget or lose things. The 3rd line of defence is biometric authentication to prove what you are. So fingerprint, retinal, and voice scans are implemented more and more often in today’s cybersecurity controls to complement your cybersecurity posture.
Cybersecurity Posture & Security Awareness
Security Awareness Training Examples
Social Engineering
One of the important messages in a security awareness program is about understanding social engineering. Although social engineering techniques are not new, threat actors know that they are inexpensive to operate, and they sure work.
Phishing Attack
This is a significant threat deployed against individuals or entire departments of a company. It can come as a stream of emails, phone calls, spam, instant messages, videos, and file attachments. In addition, phishing attacks can attempt to trick highly placed officials or individuals with sizable assets into authorizing large wire transfers of funds.
Password Protection
Best-practice security policies include appropriate use of passwords. We encourage using different passwords for different systems, and avoiding writing passwords down, sharing them, or reusing business passwords for personal use.
RISK ASSESSMENT & MANAGEMENT
Build a case
Information security and risk assessment are important matters for any organization, regardless of how small or large your business might be. Risk management is part of InfoSec operations, and risk assessment is one of the ongoing activities alongside the protection function, security education, and awareness.
The latest cybersecurity skills and qualifications are needed to implement the controls and best practices for your organization. To mitigate security risks or deal with threats in real time, you need to update your policies, and constantly audit and review compliance procedures!
Cybersecurity Posture & Vulnerability Assessment
Your Assets
To assess vulnerability in any information system, you need to identify the assets and their owners, the threats, and the likelihood of their occurrence, and frequently update the asset inventory in all departments.
Your Network
To identify the impact of a compromised network on the performance of your organization, it is important to assess the value of your information and the effectiveness of existing safeguards.
Your Business
Risk assessment is the first step towards your risk management plan: it is how you analyze the severity of vulnerabilities in your small business, calculate residual risks, and recommend a course of action.