Cybersecurity
the "preservation of confidentiality, integrity and availability of information in the Cyberspace"
Cyberspace
the complex environment resulting from the interaction of people, software and services on the Internet
by means of technology devices and networks connected to it, which ...
the "preservation of confidentiality, integrity and availability of information in the Cyberspace"
Cyberspace
the complex environment resulting from the interaction of people, software and services on the Internet
by means of technology devices and networks connected to it, which does not exist in any physical form
NIST Cybersecurity Framework
Identify—Use organizational understanding to minimize risk to systems, assets, data and capabilities.
Protect—Design safeguards to limit the impact of potential events on critical services and infrastructure.
Detect—Implement activities to identify the occurrence of a cybersecurity event.
Respond—Take appropriate action after learning of a security event.
Recover—Plan for resilience and the timely repair of compromised capabilities and services.
Lines of Defense
The first line is ownership, implementation and execution.
The second line is risk management, including monitoring/measurement.
The third line is independent testing and assurance.
The objectives of a cybersecurity audit are to:
Provide management with an independent assessment of the effectiveness of cybersecurity processes,
policies, procedures, governance and other controls
Identify security control concerns that could affect the confidentiality, integrity or availability of the
information assets due to weaknesses and vulnerabilities in the system of internal controls, including
key security controls
Evaluate the effectiveness of response and recovery programs
, Evaluate compliance with cybersecurity relevant laws and regulations
Governance
the responsibility of the board of directors and senior management of the enterprise.
Goals of a governance program
•Provide strategic direction
•Ensure that objectives are achieved
•Ascertain whether risk is being managed appropriately
•Verify that the enterprise's resources are being used responsibly
Risk Management
involves the coordination of activities that direct and control an enterprise regarding risk. Requires the
development and implementation of internal controls to manage and mitigate risk throughout the
enterprise, including financial, operational, reputational, investment, physical security and cybersecurity
risk.
Compliance
involves not only adhering to mandated requirements defined by laws and regulations, but also
demonstrating that adherence. Often extends to voluntary requirements resulting from contractual
obligations and internal policies.
Confidentiality
the protection of information from unauthorized access or disclosure. Different types of information
require different levels of confidentiality, and the need for confidentiality can change over time.
Personal, financial and medical information require a higher degree of confidentiality than publicly
available information. Similarly, some enterprises need to protect information on competitive products
(e.g., business strategies, marketing information, intellectual property).
Integrity
the protection of information from unauthorized modification. The concept of integrity also applies to
electronic messaging, files, software and configurations.
Availability
ensures the timely and reliable access to and use of information and systems. Includes safeguards to
make sure data are not accidentally or maliciously deleted. This is particularly important with mission-
critical systems because any interruptions in availability can result in significant loss of productivity and
revenue. Similarly, the loss of data can impact management's ability to make effective decisions and
responses. Can be protected by the use of redundancy, backups, and implementation of business
continuity management and planning.
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper THEEXCELLENCELIBRARY. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €14,58. Je zit daarna nergens aan vast.
