Thinking Cybersecurity

Some Basics

As I suggested in a previous post, understanding cybersecurity is essential to effectively managing an employer’s risk. The upshot: employment lawyers must talk to CIOs. To do that, we’ll need to know a thing or two about the subject matter at hand.

The Basics of Insider-Related Cybersecurity

The Department of Homeland Security identifies six core elements for preventing insider-related cyberthreats:

(1) Collect and Analyze (understanding and auditing your network)
(2) Detect (monitoring network traffic and data usage for signs of attack)
(3) Deter (raise the cost of initiating an attack)
(4) Protect (repel an attack)
(5) Predict (anticipate threats)
(6) React (reduce opportunity, capability, and motivation for the insider)

I would add two more core elements to this list: Plan (in order to improve reaction times to breaches) and Re-Assess (continually update all of the core elements).

As DHS notes: “[e]xisting security tools for detecting cyber attacks focus on protecting the boundary between the organization and the outside world….they are less suitable if the data is being transmitted from inside the organization to the outside by an insider who has the proper credentials to access, retrieve, and transmit data.” This can be intentional or non-intentional (as even non-malicious insiders can do a great deal of damage should they succumb to any number of scams designed to get them to punch holes in an employer’s cybersecurity).

Critical Security Controls 

Turning from the theoretical to the practical, these eight elements need to be combined with an understanding of the cybersecurity techniques that have the greatest impact upon improving an entity’s risk posture against real-world threats. Examples of such practices can be found in the Council on CyberSecurity’s Critical Controls for Effective Cyber Defense and are worth reviewing closely.

More soon….
