The cyber security industry appears to be struggling to keep pace with a seemingly never-ending stream of new vulnerabilities exposing organisations to ransomware attacks, corporate espionage and worse. Trade shows such as InfoSecurity Europe 2017 host hundreds of new “off-the-shelf solutions” that claim to provide cyber security at a stroke. The million-dollar bet here is whether a custom-made solution, based on the company’s precise needs and with full interoperability, is possible.
Operational security requires a continuous process of awareness, preparedness and readiness. It is a highly demanding, cross-domain activity that requires effective communication and coordination between people who often have different knowledge of, and perspectives on, information security within the organization. It is neither a fixed cost nor a fixed-duration project; rather, it is an ongoing business programme with a strategy, plans, objectives and stakeholders.
It appears that the external threats to an organization are increasing steadily, and may, in fact, be increasing more rapidly than is commonly reported. To combat cybercrime, a set of management procedures and an organizational framework for identifying, assessing and mitigating risks is necessary. Rather than reacting to individual problems in an ad-hoc manner, these fundamental activities allow an organization to deal with risks throughout the business. This set of activities constitutes risk management. The optimal model to address the risks of internet security must combine technology, process and insurance. This risk management approach permits companies to address a range of different risk exposures successfully. In some cases, technical controls help address these threats; in others, procedural and audit controls must be implemented. Because these threats cannot be completely removed, however, cyber-risk insurance coverage represents an essential tool in providing such non-technical controls and a major innovation in the conception of risk management in general.
Today, infrastructure encompasses computer technology and key business processes and is increasingly web-based. Thus, the availability and security of computer networks and web sites have become a critical component of an organization’s risk profile. Even though preventative security steps can be taken by companies, there is no silver bullet that can make businesses completely secure. Insurance companies have to develop new insurance policies to provide coverage for online risks. Cyber insurance covers a number of areas not normally spelled out in traditional policies. Failure to attend to information-security issues may result in contractual liability through material adverse effect clauses as well as representations and warranties regarding security, due diligence and compliance. The optimal model to address the risks of Internet security must combine technology, process and insurance.
Information security in critical infrastructures is a major challenge. Critical infrastructure can be damaged, destroyed or disrupted by deliberate acts of terrorism, natural disasters and negligence, leading to loss of confidentiality, integrity and availability of the critical infrastructure information assets. Vulnerabilities in critical infrastructure not only create risk for systems, networks, information and public trust, but also create risk to economic and national security. Protection of the critical infrastructure information components has become especially important for economic vitality and way of life. Attacks on critical infrastructure could disrupt the direct functioning of key business and government activities. Critical infrastructure protection requires the development of a competent protection strategy by identifying the critical assets and evaluating the possible risks.
PKI implementations have a statistically high failure rate, due to absent or misplaced organizational structures, whose role and effectiveness are considered critical in establishing the relevant operational model, supporting policy and legal framework. The scope of this framework describes the delivery of PKI services by, and on behalf of, government, and provides recommendations based on experience and best practices as these have been recorded by Obrela Security Industries and the industry in general. It is applicable to all systems responsible for the delivery of e-Government services to citizens, businesses and other organizations.
The need for protection of information, one of the most valuable assets in modern society, has increased dramatically in the last decade. However, hand in hand with any technological and economic advancement, new fraud and crime-committing methods appear, targeting our valuable information assets. Cryptography is one of the key technologies for ensuring confidentiality, integrity and availability of information; however, it is also used to conceal criminal activities and evade wiretapping by law enforcement authorities. The use of cryptography as a means of protecting privacy has created the need for establishing a legal as well as a technological framework in order to perform Lawful Interception (LI). Lawful interception is the legally sanctioned official access to private communications, such as telephone calls or e-mail messages. The use of lawful interception has been, and still is, one of the most controversial issues of modern society.
This Information Security Guide is meant for all users in the organization. The Guide summarizes the most essential basic issues of information security and gives practical advice for implementing information security in one’s own work. If you need more information, you should first check the organization’s IS Policy manual.