Cybersecurity Risk Management: Finding and Fixing Your Security
You are here: Home \ blog \ Cybersecurity Risk Management: Finding and Fixing Your Security
6 September 2018 - 17:58, by , in blog, ITM Institute, PGDM, Comments off

cyber security and it risk management

Nowadays, Internet has surpassed insurmountable heights by taking control over every necessary aspect of mankind, from sending emails or text messages to performing online financial transactions all of which has given rise to cybercrimes. These led to the need for cyber security standards. Cyber security is very critical for minimizing the threats caused by hackers in dynamic landscape of cyber-space.

Written by Kalidasan Selvam

As per schedule, there had been a guest lecture organized by the IT and Analytics department of ITM Business school where the guest speaker, Mr. Ashok. K Agarwal was invited to share his knowledge on cyber security and IT risk management. Students of the IT and Analytics Batch had attended this guest lecture which had been scheduled on 1st September 2018 at 2pm. The main objective behind scheduling this guest lecture was to give students an in-depth analysis of cyber-security and IT risk management. Several topics related to cybersecurity had been covered.
Cyber Security is a currently booming topic, majority of the students who had attended this guest lecture had previously experienced these cyber-related issues most commonly through malware software which are mostly contagious in nature most often causes malfunction to electronic devices like laptops, desktops etc. However, all these important aspects of cyber security, why it is to be implemented were all discussed in detail by Mr. Ashok. K Agarwal. The overall session was interactive. Students gave a standing ovation for Mr. Ashok K. Agarwal, as he received a gift from Mrs. Yogita Negi Rawat, Assistant Professor of IT Department, as a token of appreciation for taking time of his busy schedule for making this session happen.

Topics Covered
What is Cyber-Security?

Cyber security standards are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. The principal objective is to reduce the risks, including prevention or mitigation of cyber-attacks. These published materials consist of collections of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies.

Threats- Meaning, Types and its Impact
Threats in the cyber world are defined as any malicious threat that tend to exploit one’s weakness to the business environment. Threats cannot be eliminated completely but can be mitigated, minimized and prevented to some extent. Threats are dynamic in nature, the most important quality to overcome threats is awareness. To be aware of threats and coming out with solution to tackle them is what is important

Threats could be external (Hackers) or internal (Virus). These threats could simply exploit the end-user’s data also result in its violation. An operating system has 2 types of threats one could be the use of public domain and the other could be use of unknown domain. For Instance: – Use of Public Wi-Fi Network for doing your online banking transaction or anything sensitive could be dangerous. There are a few big problems with using a public Wi-Fi network. The open nature of the network allows for snooping, the network could be full of compromised machines, or most worryingly the hotspot itself could be malicious. Snooping means use of unencrypted network available in all public place such as airports, hospital, railway station etc. for browsing which could easily give away all confidential information such as credentials (password). Hence, it is advisory not to use of such networks for performing confidential transactions online.

Firewall and its Importance
An Internet firewall is a device that is designed to protect your computer from data and viruses that you do not want. A firewall is so called because of the real firewalls used to secure buildings. A physical firewall is a set of doors that closes in a building so as to contain a fire to one area, preventing the entire building from being destroyed. Likewise, an Internet firewall is designed to shut off access to your operating system or to other computers that are connected to your network.

It acts basically like fence around the house. Like a fence meaning that it is a perimeter of defense which assures the security of anything within it. In this case the network of servers which are firewall protected are generally safe from the dangers of hackers. How exactly to set up an internet firewall? Setting up or installing an Internet firewall is intentionally very simple. Most computers come with a firewall program. The only thing that the user needs to do is set the settings for the firewall. This means that individual users decide how much content they want to filter through and what websites are safe to use. In some cases, users have a very lax opinion of what should and should not be allowed to pass through their filter. Others mention by name the sites that are acceptable to visit, leaving all other sites off limits (this is often the case when a parent is allowing a child to have their own private access to the Internet and wants to make sure to avoid any objectionable content). Designating your level of security for your own personal firewall is imperative. You must have an understanding of how to do this. If not, it is possible that your system will remain on a default setting. Some default settings allow for all Internet site visits to take place unless websites have been specifically blocked. An Internet firewall is important for many reasons. Some value a firewall for its ability to keep private information secure. Identity theft is a growing crime, and many see firewalls as a good defence against these specific types of predators. Others, such as small business owners, think firewalls are important because a firewall keeps all their personal electronic information private. Not only is privacy important from a competitive perspective, but you must make certain that you can assure your customers that their personal business information is going to be safe with you.

Make sure that the information on your computer and the information that you share online remains for your eyes only. Take advantage of firewall protection and the fact that it comes standard with newer computers and can often be downloaded for free from a reputable site. No matter how you connect to the Internet an Internet firewall is important. Protect yourself, your business and your colleagues on your network by making sure that you have firewall protection.

The Nature of Cyber Space

  • A cyber domain is boundaryless meaning it has no limit to specific region.
  • Cyber Security is an integral part of the organization without which an organization cannot sustain itself.
  • As per Cyber Security Doctrine, Layered security is necessary. Security at just one single level is not enough as it acts as gate to prevent hackers from taking over the system hence the more gates set-up the better security for the system.

How do Hackers Hack?
When you start talking about getting into computers you have not been granted permission to be in or change information you do not have authority to change, or interrupting the communications of computers, then YES – IT IS A CRIME! That CRIME has a name called “Hacking”. Hacking is considered to be the province of the lowest scum of the computer world. Cyber criminals are the hoodlums, muggers, rapists, and child molesters of the cyber world. Major questions that arise in one’s mind when asked about hacking is how is hacking done? Is there a specific way to do so? Well no there isn’t any specific way. Hackers are generally one step ahead, learn to adapt and evolve their tactics to gain unauthorized to system. But in some cases where credentials are predictable (For Instance; passwords only contain simple yet basic number pattern such as 1234 or 0000) we, ourselves invite hackers to hack into our system.

Prevention Measures
Sometimes measures taken to prevent a hacker from hacking into the system could be very simple than complicated.

  • Password complexity could be maintained through the use of alphanumeric characters, numbers combined. Results in better security as the hacker has time limit of 2 minutes for cracking the credentials whereas the validity time limit is 30 seconds, making it impossible for cracking through.
  • While doing an online transaction such online fund transfers, online payments etc. It is advisory to use an encrypted network.
  • Do not use open Wi-Fi on your router; it makes it too easy for threat actors to steal your connection and download illegal files. Protect your Wi-Fi with an encrypted password and consider refreshing your equipment every few years. Some routers have vulnerabilities that are never patched. Newer routers allow you to provide guests with segregated wireless access. Plus, they make frequent password changes easier.
  • Some websites will ask you to sign in with a specific service to access features or post a comment. Ensure the login option isn’t a sneaky phish, and if you’re giving permission to an app to perform a task, ensure you know how to revoke access once you no longer need it. Old, abandoned connections from service to service are an easy way to see your main account compromised by spam.