Patrick Domingues

Cybersecurity Fundamentals

1. Identify and protect valuable assets – It is important to identify the assets that are most valuable to your organization and ensure that they are adequately protected.
2. Monitor and track changes – Regularly monitor and track changes to your systems, such as changes to user accounts, data and applications.
3. Establish secure access protocols – Establish rules and protocols for granting access to any system.
4. Implement measures to protect data – Develop and implement measures to protect your data, such as encryption and secure backups.
5. Develop and practice incident response plans – Create and regularly practice incident response plans to quickly and effectively respond to any cyber attack.
6. Train and educate users – Regularly train and educate users on cyber security best practices and policies.

3. The Five Cybersecurity Frameworks

1. NIST Cybersecurity Framework (NCSF) – Developed by the National Institute of Standards and Technology (NIST), the NCSF is a comprehensive framework meant to help organizations assess and manage their cybersecurity risk. The framework is divided into five core functions – identify, protect, detect, respond, and recover – meant to help an organization identify, evaluate, and manage cyber risks.
2. The Center for Internet Security (CIS) Controls – Developed in 2018 by the Center for Internet Security, this framework is based on the NIST Cybersecurity Framework and provides organizations with a prioritized list of steps to prevent and mitigate cyber threats. CIS Controls are divided into three categories – basic, foundational, and organizational – and consist of 20 controls with implementation guidance.
3. ISO 27001 – An international security standard published by the International Organization for Standardization (ISO), ISO 27001 provides detailed guidance for implementing a comprehensive information security management system. The framework outlines the resources and processes that are necessary for an effective security system and includes guidance for developing and assessing information security policies and procedures.
4. Cloud Security Alliance (CSA) – A collection of best practices, standards, and models for secure cloud computing, the CSA is meant to help organizations mitigate risks when working with cloud providers. The CSA consists of 14 domains, including data security, identity and access management, and availability.
5. Payment Card Industry Data Security Standard (PCI DSS) – is a global information security standard designed to prevent fraud through increased control of credit card data. Organizations of all sizes must follow PCI DSS standards if they accept payment cards from the five major credit card brands, Visa, MasterCard, American Express, Discover, and the Japan Credit Bureau (JCB). Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data.

https://unsplash.com/@scottwebb

Conclusion

I hope this article was helpful, if you have any questions please feel free to contact me. If you would like to be notified of when I create a new post you can subscribe to my blog alert.

Patrick Domingues

See Full Bio