Thinking Cybersecurity

Some Basics

As I suggested in a previous post, understanding cybersecurity is essential to effectively managing an employer’s risk.  The upshot: employment lawyers must talk to CIOs.   To do that, we’ll need to know a thing or two about the subject matter at hand.

The Basics of Insider-Related Cybersecurity

The Department of Homeland Security identifies six core elements for preventing  insider-related cyberthreats:

(1) Collect and Analyze (understanding and auditing your network)
(2) Detect (monitoring network traffic and data usage for sign of attack )
(3) Deter (raise the cost of initiating an attack)
(4) Protect (repel an attack)
(5) Predict (anticipate threats)
(6) React (reduce opportunity, capability, and motivation for the insider)

I would add two more core elements  to this list: Plan (in order to improve reaction times to breaches) and Re-Assess (continually update all of the core elements).

As DHS notes: “[e]xisting security tools for detecting cyber attacks focus on protecting the boundary between the organization and the outside world….they are less suitable if the data is being transmitted from inside the organization to the outside by an insider who has the proper credentials to access, retrieve, and transmit data.”  This can be intentional or non-intentional (as even non-malicious insiders can do a great deal of damage should they succumb to any number of scams designed to get them to punch holes in an employer’s cybersecurity).

Critical Security Controls 

Turning from the theoretical to the practical, these eight elements need to be combined with an understanding of the cybersecurity techniques that have the greatest impact upon improving an entity’s risk posture against real-world threats.   Examples of such practices can be found in the Council on CyberSecurity’s Critical Controls for Effective Cyber Defense and are worth reviewing closely.

More soon….

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s