Cyber Security Practice Areas

There are many different, and constantly evolving, disciplines that make up a complete cyber security approach. Here are some of the most common disciplines:

Data Security

Protecting and maintaining the integrity of business, customer, and other data.

Application Security

Ensuring that software and other applications cannot be hacked, compromised, accessed without proper authorization, or disabled.

Network Security

Protecting network infrastructure and software from unauthorized access.

Operational Security

Day-to-day monitoring and security management.

Cloud Security

Cyber security methods used across public, private, or hybrid cloud environments.

Identity and Access Management (IAM)

Authenticating users and authorizing them to access specific applications, data, and other systems.

Privileged Access Management (PAM)

Controlling and monitoring privileged access for users, accounts, applications, and other system assets.

Vulnerability Management (VM)

Proactive identification (such as through scanning) and resolution (such as through patching, systems hardening, implementing new solutions, etc.) of potential threats and vulnerabilities in the IT ecosystem.

Enterprise Mobility Management (EMM)

This can include mobile device management (MDM) and other processes and technologies for securely enabling a mobile workforce.

Business Continuity (BC) and Disaster Recovery (DR)

Planning for events that cause IT disruption (whether arising from human error, equipment failure, malware or hacking attack, environmental catastrophe, etc.) and restoring IT functionality as soon as possible after such an event. BC / DR overlap with incident response, which is focused on marshaling resources to handle a security incident, forensically investigating how the incident occurred, and planning for its implications (such as audit, public breach notification, etc.).

Security Training

Teaching employees and other users to identify and appropriately deal with common security issues like phishing, malware, or social engineering.

All of these practices are vital to keeping business systems secure and operational, and for avoiding data breaches or hacks that expose business, partner, or customer data.

Why Cyber Security is Important

IT attack vectors are exploited by criminals to gain unauthorized access to the IT environment, potentially damaging a victim (organization or individual) through stolen data, downtime, identity theft, reputational damage, and more. Over the last several years, the traditional IT perimeter has been said to dissolve due to the impact of large-scale trends, namely increasingly mobile workforces and cloud technologies. At the same time, threats against software, systems, infrastructure, and data are constantly evolving.

Specific issues that cyber security measures can help protect against include:

Cyber-attacks

Brute force, targeted, and denial of service attacks that take your business offline or provide unauthorized access to your systems and data

Data breaches

Exposure of sensitive business, customer, and supplier data

Identity theft

Compromised customer data that results in the theft of logins, passwords, and other sensitive, personally identifiable data

Cyber security helps your organization stay ahead of cyber threats by providing a toolbox of approaches, tactics, and software to identify and protect against threats.

A comprehensive cyber security strategy, supported by strong policies, processes, practices, and tools can significantly reduce the risk that an organization or individual will be targeted or damaged by cyber-attacks.

Cyber Security and How it is Evolving

Cyber security is an “arms race” between IT security teams and cyber criminals, who want to exploit company systems and steal data. Here are some of the key areas to bear in mind when evaluating cyber security strategies, policies, and tools:

Common Cyber Threat Vectors

Cyber security teams need to deal with a wide range of risks and threats. Here are some of the most common cyber threat vectors.

Malware

Viruses, worms, and trojans that find their way into IT systems and replicate across networks. These are often combined with keyloggers or other malicious software to steal access details and other data.

Ransomware

Malware that locks up and encrypts files, demanding a ransom (often in Bitcoin) in exchange for removing the encryption and restoring access for the system owner.

Social Engineering

Criminals use confidence tricks and other techniques to get employees to let their guard down and share sensitive information, such as logins and passwords.

Phishing

Use of fraudulent emails and other messages to convince people to install malware or otherwise reveal sensitive information about business systems.

Sabotage

Denial of service (DoS) and other attacks designed to take down business assets like websites or publicly available applications and services.

Vulnerability Attacks

Unpatched software and systems create vulnerabilities that criminals exploit through targeted attacks.

Cyber Security Strategies, Policies, and Processes

Your cyber security approach will vary depending on the type of environment you operate within. For example, if you use a Managed Service Provider (MSP) to host your data and systems, you will need to align your cyber security strategy, policies, and processes with the MSP.

If you’re moving to a cloud-based infrastructure, you will need to adapt your approach accordingly. Essentially, you must make every attempt to protect business IT assets wherever they are located, and at all times. Ensure that the software you use has the capability to operate across multiple environments and use cases.

Cyber Security Best Practices

Cyber security involves the application of a number of tools, approaches, and best practices that can significantly reduce cyber risk.

Audit your existing IT ecosystem

Audit every element of your networks, servers, infrastructure, operating systems, applications, and data. It is only through having a complete map of your IT systems that you can identify attack vectors and threats.

Complete a gap analysis

Once you understand the potential threats to your IT security, review the existing tools and approaches you have in place to deal with them, so that any gaps in coverage become clear.

Use a risk-based approach to cyber security

Once you have identified potential threats, rate each one based on likelihood and impact. This will help you prioritize which risks to deal with first.

Take advantage of modern cyber security software

Seek out vendors and software that use modern detection techniques to identify and report on threats. Ideally, this software should be updated on a regular basis to take advantage of new learning and identified issues.

Implement robust identity and access management

Tools like biometrics, single sign-on, two-factor authentication, and adaptive security controls can help you ensure that only properly authenticated, authorized users gain access.

Use privileged access management

The principle of least privilege will ensure that you only provide the access necessary for individuals to perform their roles. This will keep the most sensitive data off-limits, available only to those who have reason to access it.

Employ vulnerability scanning

Vulnerability scanning and penetration testing will identify potential flaws in your IT security. This will help you create an effective patch schedule to resolve any issues.

Train your employees in good security practices

Employees are often the weakest link in the cyber security chain. Make sure they are educated about social engineering, phishing, malware, and other scams, and that there are proper reporting and escalation routes if they identify threats.

Take account of cyber security frameworks

There are a number of frameworks, best practices, and regulations you can use to guide cyber security. These include PCI DSS, ISO 27001/27002, CIS Critical Security Controls, and the NIST Cybersecurity Framework.

Types of Jobs and Roles in Cyber Security

Cyber security has several distinct job roles that are commonly found across well-staffed IT teams. These roles include:

Chief Information Security Officer (CISO)

Accountable for all IT security across the entire organization.

Security Engineer

Reviews, tests, and implements processes and technology to protect IT and company assets, especially infrastructure, from cyber security threats.

Security Architect

Identifies, plans, designs, and implements security tools to maximize security and minimize risk.

Security Analyst

Reviews assets, reports, outputs, and more to identify potential risks and arrange for their resolution.

The following responsibilities may be assigned to specific IT security team members: