Countering Non-Network Cyber Threats

While network-based threats are common, there are also non-network cyber threats that can compromise the security and integrity of computer systems and data. Here are some examples of non-network cyber threats: Malware: Malicious software, such as viruses, worms, trojans, ransomware, and spyware, that infects and compromises computers or networks. Malware can be introduced through various means, such as infected USB drives, malicious email attachments, or compromised software. Physical Attacks: Attacks Read more…

How Can Information Network Attacks be Mitigated or Prevented?

Mitigating and preventing network attacks requires a multi-layered approach that combines technical and procedural measures, security best practices, and user awareness. Here are several strategies and recommendations to help mitigate and prevent network attacks: Keep systems and software updated: Regularly apply security patches and updates to operating systems, software applications, and firmware. Outdated software often contains vulnerabilities that attackers can exploit. Implement robust network security measures: Utilize firewalls, Read more…

What is a Vishing Attack and How Can You Guard Against It?

A vishing attack, also known as “voice phishing”, is a type of social engineering attack that involves using voice communication, typically over the phone, to deceive and manipulate individuals into revealing sensitive information or performing certain actions. The term “vishing” is a combination of “voice” and “phishing.” In a vishing attack, the attacker impersonates a trustworthy entity, such as a bank representative, government official, or customer service agent, to gain Read more…

Nine Examples of Different Types of Information Network Attacks

Information network attacks can take various forms and target different aspects of computer networks. Here are nine examples of different types of information network attacks: Denial-of-Service (DoS) Attack: This attack aims to overwhelm a network, system, or service with an excessive amount of traffic or requests, making it inaccessible to legitimate users. For example, a botnet flooding a website with traffic to bring it down. Distributed Denial-of-Service (DDoS) Attack: Similar Read more…

An Outline Approach for Cyber Security Compliance

[Organization Name]: Cyber Security Compliance Table of Contents: 1. Introduction 2. Purpose and Scope 3. Policy Statements 3.1. Information Security 3.2. Risk Management 3.3. Compliance 3.4. Roles and Responsibilities 4. Guidelines for Employees 4.1. General Security Practices 4.2. Access Control 4.3. Password Management 4.4. Data Protection and Privacy 4.5. Incident Reporting and Response 5. Guidelines for Stakeholders 5.1. Third-Party Security 5.2. Supply Chain Security 6. Conclusion Introduction: Cybersecurity is Read more…

What is Meant by Cyber Security Governance?

Cybersecurity Governance refers to the framework and processes through which an organization manages and oversees its cybersecurity activities. It involves the establishment of policies, procedures, and structures that guide and support the organization’s cybersecurity objectives, risk management, and compliance efforts. The primary goal of cybersecurity governance is to ensure that the organization’s information assets and systems are protected against unauthorized access, disruption, or damage caused by cyber threats. It involves Read more…

A look at BS7858: Security Screening of Individuals Employed in a Security Environment

The BS7858 standard is a widely recognized and followed standard within the UK security industry. It specifically pertains to the screening and vetting of individuals employed in security-related roles, ensuring that they meet certain criteria and possess the necessary integrity and reliability. The standard outlines a comprehensive set of guidelines and best practices for conducting background checks on employees, with the aim of minimizing security risks and maintaining a high Read more…

A look at ISO 31030:2021: Travel Risk Management Standard

ISO 31030 is a standard developed by the International Organization for Standardization (ISO) that provides guidelines for the management of travel risks in organizations. It aims to help organizations identify, assess, and control risks associated with business travel and ensure the safety and well-being of employees. The standard emphasizes the importance of a proactive and systematic approach to travel risk management. It outlines key principles and provides guidance on establishing Read more…

Ten Examples of Aligning Business Objectives with Security Strategies

Aligning security with business objectives should be a top priority, but that is not always the case for many organizations. Starting with a “Corporate Mission”, it is important to understand all the processes in the value chain required to deliver that mission, what hurdles must be overcome within each to achieve the mission (i.e., legal compliance), and the levels and resources required to prevent or respond to interruption to Read more…

How to Structure a Protective Security Plan for a Soft Target

The following is a proposed outline structure of a plan for the protection of a soft target, such as a hotel, from a terrorist attack. Introduction The purpose and scope of the plan The threat environment and the likelihood of an attack The consequences of an attack on the hotel and its guests Risk Assessment Identification of potential threats and their likelihood Vulnerability assessment of the hotel and its surroundings Read more…