B ACCOUNT b BASKET  9

Search: GDPR, Cyber Essentials, training...

M anage all your c omplianc e doc ume ntation in one plac e | Ac c e ss, c ustomise and c ollaborate whe ne ve r

UNITED KINGDOM
£ GBP
H h
and whe re ve r you ne e d | Shop toolk its  
SH O P DA TA P R IVA CY CY B E R SE CU R ITY TR A IN IN G STA F F A W A R E N E SS CO N SU L TA N CY SE CU R ITY TE STIN G TO O L S

f[

Cyber security solutions [ Cyber security

W h a t i s C y b e r Se c u r i t y ? D e f i n i t i o n a n d  B e s t P r a c t i c e s
FF ii n
ndd o
ouu tt e
e vv e
e rr yy tt h
h ii n
ngg yy o
ouu n
neee
edd tt o
o kk n
noow
w a
abbo
ouu tt p
p rr o
o tt e
e ct
ct ii n
ngg yy o
ouu rr o
o rr g
gaan
n ii ss a
a tt ii o
onn ff rr o
omm cy
cy b
bee rr a
a tt tt a
a ck
ck ss ..

Cyber Security as a
Service
Cyber security definition
Cyber security is the application of technologies, processes and controls to protect systems,
Information security for
networks, programs, devices and data from cyber attacks.
hybrid working
It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation
Online cyber security of systems, networks and technologies.
training courses
 Learn more about the cyber threats you face.
Cyber security consultancy
services To learn more about the fundamentals of cyber security, read our pocket guide Cyber
Security: Essential principles to secure your organisation.
Cyber incident response
(CIR) management

Cyber health check

Why is cyber security important?
Cyber security audit

SOC 2 audits    The costs of cyber    Cyber attacks are

security breaches increasingly
Cyber security risk are rising sophisticated
assessment
Privacy laws such as the GDPR Cyber attacks continue to grow in
Speak to a cyber security (General Data Protection Regulation) sophistication, with attackers using an
expert and DPA (Data Protection Act) 2018 ever-expanding variety of tactics. These
can mean significant fines for include social engineering, malware
organisations that suffer cyber security and ransomware.
breaches. There are also non-financial
costs to be considered, like
reputational damage.

   Cyber security is a    Cyber crime is a big

critical, board-level issue business
New regulations and reporting According to The hidden costs of
requirements make cyber security risk cybercrime, a 2020 study carried out
oversight a challenge. The board needs by McAfee and the CSIS (Centre for
assurance from management that its Strategic and International Studies),
cyber risk strategies will reduce the based on data collected by Vanson
risk of attacks and limit financial and Bourne, the world economy loses more
operational impacts. than $1 trillion (approximately £750
billion) each year. Political, ethical and
social incentives can also drive
attackers.

WIN £100

Who needs cyber security?

It is a mistake to believe that you are of no interest to cyber attackers. Everyone who
is connected to the Internet needs cyber security. This is because most cyber attacks
are automated and aim to exploit common vulnerabilities rather than specific
websites or organisations.

Types of cyber threats

Common cyber threats include:

Malware, such as ransomware, botnet software, RATs (remote access Trojans), rootkits
and bootkits, spyware, Trojans, viruses and worms.
Backdoors, which allow remote access.
Formjacking, which inserts malicious code into online forms.
Cryptojacking, which installs illicit cryptocurrency mining software.
DDoS (distributed denial-of-service) attacks, which flood servers, systems and
networks with traffic to knock them offline.
DNS (domain name system) poisoning attacks, which compromise the DNS to redirect
traffic to malicious sites.

Learn more about the cyber threats you face, the vulnerabilities they exploit and the types of
attacks that cyber criminals use to deliver them

What are the 5 types of cyber security?

1. Critical infrastructure cyber security

Critical infrastructure organisations are often more vulnerable to attack than others
because SCADA (supervisory control and data acquisition) systems often rely on older
software.

Operators of essential services in the UK’s energy, transport, health, water and digital
infrastructure sectors, and digital service providers are bound by the NIS Regulations
(Network and Information Systems Regulations 2018).

Among other provisions, the Regulations require organisations to implement

appropriate technical and organisational measures to manage their security risks.

2. Network security
Network security involves addressing vulnerabilities affecting your operating systems
and network architecture, including servers and hosts, firewalls and wireless access
points, and network protocols.

3. Cloud security
Cloud security is concerned with securing data, applications and infrastructure in the
Cloud.

4. IoT (Internet of Things) security

IoT security involves securing smart devices and networks that are connected to the
IoT. IoT devices include things that connect to the Internet without human intervention,
such as smart fire alarms, lights, thermostats and other appliances.

5. Application security
Application security involves addressing vulnerabilities resulting from insecure
development processes in the design, coding and publishing of software or a website.

Cyber security vs information security

Cyber security is often confused with information security.
 Cyber security focuses on protecting computer systems from unauthorised access or
being otherwise damaged or made inaccessible.
Information security is a broader category that protects all information assets, whether
in hard copy or digital form.

The legal requirement for cyber security

The GDPR and DPA 2018 require organisations to implement appropriate security measures
to protect personal data. Otherwise, you risk substantial fines.

Cyber security is a critical business issue for every organisation.

Cyber Security as a Service

Unrivalled support, expert advice and ongoing protection to address your organisation’s
cyber security.

An outsourced cyber security resource in just one simple, monthly payment.

F i n d ou t m or e

Challenges of cyber security 

Mitigating the cyber security risks facing your organisation can be challenging. This is
especially true if you have moved to remote working and have less control over employees’
behaviour and device security.

  Learn more about remote working and cyber security

An effective approach must encompass your entire IT infrastructure and be based on regular
risk assessments.

  Learn more about cyber security risk assessments

What are the consequences of a cyber attack?

Cyber attacks can cost organisations billions of pounds and cause severe damage. Impacted
organisations stand to lose sensitive data, and face fines and reputational damage.

  Learn more about cyber crime and how it affects you

  Learn about the cyber threats you face

Managing cyber security

Effective cyber security management must come from the top of the organisation.

A robust cyber security culture, reinforced by regular training, will ensure that every
employee recognises that cyber security is their responsibility and defaults to security
instinctively.

Good security and effective working practices must go hand in hand.

How to approach cyber security

A risk-based approach to cyber security will ensure your efforts are focused where they are
most needed.

Using regular cyber security risk assessments to identify and evaluate your risks is the most
effective and cost-efficient way of protecting your organisation.

  Learn more about cyber risk management

 Cyber security checklist
Boost your cyber defences with these must-have security measures:

1. Staff awareness training

Human error is the leading cause of data breaches. It is therefore essential that you
equip staff with the knowledge to deal with the threats they face.

Staff awareness training will show employees how security threats affect them and
help them apply best-practice advice to real-world situations.

2. Application security
Web application vulnerabilities are a common point of intrusion for cyber criminals.

As applications play an increasingly critical role in business, it is vital to focus on web

application security.

3. Network security
Network security is the process of protecting the usability and integrity of your
network and data. This is achieved by conducting a network penetration test, which
assesses your network for vulnerabilities and security issues.

4. Leadership commitment
Leadership commitment is key to cyber resilience. Without it, it is tough to establish or
enforce effective processes. Top management must be prepared to invest in
appropriate cyber security resources, such as awareness training.

5. Password management
Almost half of the UK population uses ‘password’, ‘123456’ or ‘qwerty’ as their
password. You should implement a password management policy that provides
guidance to ensure staff create strong passwords and keep them secure.

Start your journey to being cyber secure today

IT Governance has a wealth of security experience. For more than 15 years, we’ve helped
hundreds of organisations with our deep industry expertise and pragmatic approach.

All our consultants are qualified and experienced practitioners, and our services can be
tailored for organisations of all sizes.

Browse our wide range of products below to kick-start your project.

: Complete Staff
Awareness E-learning
Suite
Cyber Security for
Remote Workers Staff
Awareness E-learning
Vulnerability
Serv [
Course

FREE
CORPORATE
DELIVERY, CUSTOMER
TERMS AND

RESOURCES INFORMATION RETURNS

SERVICE CONDITIONS
Resources hub COVID-19
AND PAYMENT Contact us Acceptable use policy
Cyber security About us Adobe e-book FAQs Win a £100 gift Cookie policy
resources voucher
Affiliate programme Fulfilment FAQs Complaints and
Data privacy Apply for a corporate Appeals Policy
resources Become an IT Payment options account
Governance partner Terms for buying
ISO 27001 resources Purchase store credit CyberComply portal goods and services
Careers - Join our
IT Governance blog team Returns
 IT Governance Clients Shipping GRC eLearning Terms and conditions
newsletter platform of website use
Events View all FAQs
The weekly round-up DocumentKits Promotion terms and
Press releases platform conditions
Cyber Essentials Privacy notice
FAQs
E-learning FAQs
Training FAQs

JK'Oq

© 2003-2022 IT Governance Ltd | Acknowledgement of Copyrights | IT Governance Trademark Website & eCommerce by Xanthos
Ownership Notification