The approach of cybersecurity is to focus resources on crucial system components and to protect against the biggest known threats without leaving components defenceless against less dangerous risks. Within an organisation the people, processes and technology must function in collaboration to create an effective defence against cyber-attacks. Let’s quickly look at them individually:
Data controllers must understand and comply with basic data security principles, for example passwords, attachments in e-mails and storage of data.
Data controllers must have a framework for dealing with attempted and successful cyber-attacks. This framework must include the manner in which the Company identifies cyber-attacks, protects systems, detects and responds to threats and recovers from successful attacks.
Technology in the organisation should be updated and protected, for example computers and routers, networks and the cloud, firewalls, malware protection, antivirus software and email security solutions.
Staff should be aware of cyber risks and be trained on a regular basis to be diligent in identifying possible cyber breaches.
Ensuring cybersecurity in the current business environment requires a more proactive and adaptive approach to the coordination of efforts throughout an information system, which includes Application security, Information security, Network security, Disaster recovery, Operational security and End-user education.
The process of keeping up with new technologies, security trends and threat intelligence is a challenging task. It is essential, however, in order to protect information and other assets from cyber threats, which could take many forms:
Awareness and constant monitoring are important in ensuring cybersecurity. Implementing guidelines to identify and assess risks in the business environment is crucial to enhance cybersecurity.
The implementation of practical, innovative security technologies can be overwhelming at first. Identifying cybersecurity risks and monitoring these risks are the first steps to cybersecurity. Implementing guidelines and an assessment framework for cybersecurity programs seeks to enable critical information security infrastructure.
SERR Synergy assists businesses in compiling an Information Security Management policy where the physical information and cybersecurity risks of organisations are identified and managed to maintain the confidentiality, integrity and legitimate availability of data.
Don’t miss the next part of our analysis and practical guide to ensure cybersecurity and learn how cybersecurity relates to all aspects of Information Compliance legislation in South Africa.
About the Author: Retha van Zyl completed her BCom Hons (Economics and Risk Management) studies at the North West University. She joined our team in January 2016 and currently holds the title ‘Information Compliance Advisor’. She specialises in POPI and PAIA compliance, which includes compiling and submitting PAIA manuals to the Human Rights Commission. She also compiles and implements Information Security Management policies to identify risks associated with information security in each department within an organisation.
© 2018 SERR Synergy. All Rights Reserved.