Is there a simpler way of putting a dollar value on risks?
Privasec's Cyber Security Advisor for APAC, Shamane Tan wrote an article about the Open Group FAIR framework. This framework provides a structured and community vetted approach to calculate the Return on Investment (ROI) on cybersecurity controls. Read the full article here.
Preparing for a Distributed Denial of Service (DDoS)
Distributed Denial-of-Service (DDoS) attack is an attempt to disrupt the normal functioning of a network, server or a website by flooding it with internet traffic. During a DDoS attack, there is practically no time to react.
Therefore, it is crucial to have a plan before a DDoS attack strikes. The plan must properly document the network topology diagram for management of crucial assets during the attack and require the alerting of relevant stakeholders. A few other tricks for preparing for a DDoS attack include the use of sufficient bandwidth, infrastructure redundancy, DNS server redundancy and use of WAF (web application firewalls) for server protection.
Consumer Security Behaviors
Apart from having financial implications, a security breach leads to a loss of consumer trust. An illustration of this is in the hospitality industry, where breaches can have a negative impact on consumer perception, satisfaction and intent to revisit (Berezina et al., 2012).
In their study ‘Consumer security behaviours and trust following a data breach’, authors Shelby R. Curtis, Jessica Rose Carre and Daniel Nelson Jones concluded that, following a data breach consumers perceived companies as less trustworthy, but did not change their ‘behavioural intentions to be personally more secure’. This suggests that companies should be omitting reliance on improved user security practices when assessing their security posture following a security breach.
Our team of experienced security consultants can assess your current security posture with a Cyber Resilience Health Check. Give us a call at 1800 996 001, and discover how we can help.
One of the most overlooked ACSC Essential Eight strategies in mitigating cyber security incidents is daily backups. Think of it as your absolute fail-safe in a scenario when all other security controls have failed.
Daily backups should still be the bread and butter of any IT department, we’ve all been doing it for years. However, how confident are you in your organisation’s process? Are you backing up all of your company’s important data, software and configurations daily? Are the backups securely stored? When was a full recovery of backup data last tested? How quickly could your organisation recover from a ransomware attack? Sometimes it’s worth checking to ensure the basics are operating as expected.
Author: David Roccasalva
ISACA COBIT framework
The importance of Information and Technology Governance cannot be overstated. With companies trying to maximise the value derived from IT assets while managing the associated risks, the need for a structured approach to designing and implementing enterprise governance for IT is key.
ISACA's COBIT has been one of the most accepted frameworks in this area for over 20 years. Recently ISACA has released COBIT® 2019, its first update to the COBIT framework in nearly seven years. The new version provides comprehensive practical guidance and new focus areas in hot topics like DevOps, Cyber Security and Digital Transformation. COBIT® 2019 has been written in a way that can now easily be customised for small-to-medium sized business.
Author: Pablo Borges