Cybersecurity governance, risk management, SIEM Security Information and Event Management, SOC Security Operation Center, employee awareness, threat detection, information security, cyber threats, data protection
Reader
Abstract
Extract
of 53
Abstract
This document discusses the importance of cybersecurity governance, risk management, and employee awareness in protecting information systems from cyber threats.
Extract
[...] Despite our expertise and knowledge, there is no zero-risk in terms of potential cyber attacks. We try our best every day. 3. The diversity of threats is for me the main challenges, and the potential lack of vigilance that we may have with the amount of information that we consume every day. 4. I would say that for me, what is the most difficult is the difficulty in keeping up with the rapid evolution in the field of technology. Everything is moving very quickly and threats are becoming increasingly present in all spheres of our lives. [...]
[...] the structures in charge of enforcing law and order are first of all faced with limits in terms of technical skills and they find themselves in an inability to catch up with the evolving technologies of cybercrime; they also have very little experience in the field of cybercrimes; in addition, they are faced with limits in terms of cooperation with industries that evolve in the technological sector and which could accompany them technically; 2. the victims of cybercrimes, whether individuals or businesses, on the other hand, lack confidence in law enforcement; are generally in positions where they have very few defensive computer postures or those that exist are otherwise weak and it is often what justified the attack by cybercriminals. Also, these victims may sometimes be tempted to respond favorably to the possible demands of cybercriminals in order to avoid paying ransoms, for example. 3. [...]
[...] Gartner presents four key data security techniques that can be used to implement these principles. - Encryption (applying a cryptographic algorithm with a key so that data is not easily readable and/or modifiable by unauthorized parties) - Masking (replacement of all or part of a valuable data with a representative token of low value) - Erasure (ensuring that inactive or unused data is reliably deleted from a repository) - Resilience (creation of backup copies of data so that organizations can recover the data if it is accidentally deleted or corrupted or if it is stolen during a data breach). [...]
[...] Thus, within the framework of the risk analysis produced by the audit, it appears essential for the company to have a global vision of the possible flaws in the system allowing it to assess the processes and see the risks to which it may be exposed and thus be able to put in place corrective measures capable of effectively combating the potential threats encountered. Conclusions The objective of this thesis aimed to explore effective measures to address the challenges of cybersecurity in a mid-sized IT company. Cybersecurity is a major concern for any organization today, and rightly so. For example, in recent years, threats have multiplied in the field of cybersecurity. [...]
[...] In a first category, computers aid cybercriminals in committing their crimes; 2. In a second category, computers become themselves targets. - Category Computers are tools for aiding cybercrime: Access and content removal Malicious data tampering or modification Use of communications - Secrets - Knowledge - Contents on copyright - Sexual Contents - Community Rumors -Company Information - Denial of Identity - Financial Statistics - EMP Supply - Sabotage of equipment -Account Takeover - Image Distortion - Harassment - Spamming - Ransom - Trade in prohibited materials and information Table 1 : Cybercrimes using computers as a tool When computers are used as tools, the following illegal activities are carried out: - Unauthorized access and content sharing - Malicious alteration or modification of data - Use of communications - Category Computers are the target of cybercrime activities: Unauthorized access Malicious code injection Disruption of operation Service theft - Piracy -System diversion -Network diversion - IP address usurpation -Malicious software - Spyware - Virus -Ransomware -Image distortion - DoS - DDoS - Unauthorized use Tableau 2 : Cybercrimes targeting computers When computers become the target of criminals, the following illegal activities are practiced: - Unauthorized Access - Injection of malicious code - Disruption of operations - Theft of services C. [...]
