There has been a lot of talk about CyberSecurity in recent days, and seemingly overnight this topic has taken center stage in discussions of both physical security and information security. The key to understanding CyberSecurity is context, which the average Joe and Jill expect CyberSecurity professionals to clarify and shed light upon. To help with this communication challenge I created an infographic to demonstrate the relationship between Information Security and CyberSecurity. It's safe to say that the success of CyberSecurity initiatives will be critically dependent upon the understanding of Information Security and the organization's approach to adopting an Information Security culture. Equally important will be the management system used to manage CyberSecurity decisions based on appropriate Governance and Risk Management.

Infographic link: CyberSecurity Defined http://tinyurl.com/mhm7k5d

It's noteworthy that up to this point isolated initiatives like the Payment Card Industry's PCI DSS and Cloud Computing Security have not had a seat at the Board of Directors. These initiatives could join Data Protection and Privacy initiatives under one umbrella for CyberSecurity, and they will ultimately be influenced by CyberSecurity Governance and Risk Management once the scope of CyberSecurity is better understood within each respective organization.

Information Security Defined

The protection of Enterprise data, information, knowledge and wisdom (DIKW) in all formats (audio, visual, digital, physical), at rest, during processing or in transmission, from the loss of confidentiality, integrity, and availability leading to unauthorized access, modification, destruction, denial of service, interception, loss of service, or unauthorized disclosure.

This would entail developing and maintaining a program with the capability to identify threats, contain and investigate breaches, and remediate any vulnerabilities to data, information and knowledge, in compliance with legal obligations defined by statutes, regulations and contractual obligations. In addition, the EISP program would oversee CyberSecurity and manage information security governance, budgets, tactical and strategic planning, architecture, monitoring of events and incidents, incident response, communications, investigations, risk management, vulnerabilities, compliance, continuous improvement, identity and access management, maintaining records and critical documentation, and BCP/DRP.

CyberSecurity Defined

The protection of DIKW in all formats during transmission and processing over the Internet. This would entail establishing security standards for purchasing secure Cyber products and services, ongoing Cyber risk management of services, and configuration and security testing of Cyber devices utilized for the transmission of DIKW.

Follow Mark E.S. Bernard, CISSP, CISM, CISA, CGEIT, CRISC