Tuesday, July 18, 2017

Cyber Security



Cybersecurity Standard
Officially, ISO/IEC 27032 addresses “Cybersecurity” or “Cyberspace security”, defined as the “preservation of confidentiality, integrity and availability of information in the Cyberspace”. In turn “the Cyberspace” (complete with definite article) is defined as “the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form”.


Combating this is a multi-disciplinary affair that spans hardware and software through to policy and people – all of it aimed at either preventing cybercrime from occurring in the first place or minimising its impact when it does. This is the practice of cybersecurity.

Cybersecurity Framework – a set of industry standards and best practices to help organizations manage cybersecurity risks. The resulting Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.

Implementing Cyber Security

1. Complying with Regulatory Authority Guidelines like 
  • APRA (Australian Prudential Regulation Authority)
  • OAIC (Office of the Australian Information Commissioner)
  • ASIC (Australian Securities and Investments Commission)
  • International Standards Organisation

2. Identifying Risks
  • Data Loss
  • Fraud
  • Business Disruption
3. Adoption of Information Security Control
  • Information lifecycle management
  • Data Quality
  • Privacy & Data Protection
4. Information Handling
  • Nomenclature
  • Access
  • Distribution
  • Storage
  • Disposal
  • Retention
  • Sanitisation
5. Application and uses of Information systems
  • Appropriate use
  • Disclosure
  • Password Safety
  • Electronic Communication
  • Remote Access
  • Use of Hardware and Software
  • Security Incidents
6. Implement User Access Controls
  • Disabling
  • Emergency Accounts
  • Privileged Accounts
  • Federation & Trust
7. Implement Segregation of duties
  • Identify
  • Remediate
  • Review
8. Implement Access Control Authentication
  • Passwords
  • Prevent Brute force
  • Timeouts
9. Implement Cryptography
  • Approved encryption methods
  • Using Encryption
  • Using keys
  • Storage of keys
10. Implement Physical and Environmental Security
  • Perimeter Security
  • Physical access
  • Fire, Flood, Power protection
  • Facilities disaster recovery
  • Physical security control equipment
  • Equipment Management & removal
11. Implement Information systems acquisition, development and maintenance
  • Change Management
  • Security life cycle development process
  • Separation of environments between production and non-production
12. Implement Operations Management
  • Operational readiness
  • Virus/Malware protection
  • Resourcing
  • Backup
  • Vulnerability Management
  • Audit, Logging & Monitoring
13. Implement Network Security
  • Monitor data/information transfer
  • Monitor network connection
  • Block non business websites
14. Implement control for Third Party and Cloud Engagements
  • Agreements
  • Non-disclosure Agreements
  • RACI
  • Risk assessment
15. Implement ISMS incident management
  • Incident management
  • Reporting
  • Root cause analysis
16. Implement process and policies around BYOD

17. Implement Cyber Security Strategy
  • Identity or Identities 
  • Cyber Safety
  • Application Security
  • Governance
  • Data Security
  • Cloud Security
  • Workplace and Mobility

Cyber Security Tools

1. Antivirus
  • McAfee
  • Symantec
  • Trend Micro
  • AVG
2. Gateway Monitoring
  • FireEye
  • Websense
  • Kaseya Network Monitor
3. Network Monitoring
  • Akamai Prolexic Routed
  • Cisco Sourcefire
4. Cyber Security Analytics
  • Splunk
  • RSA NetWitness
  • ArcSight
  • FireEye Threat Analytics Platform
  • Mandiant
5. Cybercrime prevention tools
  • phishingbox.com
  • PhishMe





