RCR 005: Cybersecurity versus Information Security

Sep 25, 2018

 

Podcast: Play In New Window | Download

Subscribe: iTunes | Goggle Play | Stitcher Radio | RSS

Description:  

Shon Gerber from Reduce Cyber Risk.com reveals to you the steps each week the information you need to best protect your business and reduce your company’s cyber risk. Shon provides cybersecurity for business training and how you can begin to address the cyber risk for your daily business.

In this episode (Part 5), Shon will go over the differences between Information Security and Cybersecurity; why businesses struggle with Cybersecurity and what you as a business can do to mitigate the issue

Transcript:

welcome to the reduce cyberus podcast or we give you the tools you need to meet your regulatory requirements while helping keep the evil hacker hoarded Bay hi my name is Sean Gerber and I'm your host for this action packed and forwarded podcast join me each week cuz I provide the information you need to best protect your business and reduce your company cyber-risk alright episode where you talkin about the tale of two brothers and what does information security and what is cybersecurity you're probably saying yourself yawn is right is information Securities more the broad-brush it's more of the larger group that you're dealing with cybersecurity is more of a specialized area all businesses deal with information so whether it's your employee information tax information it's all about the data and in that data is specifically tied to the information so you need to ask yourself the what when where and who is about your data no basically what is it when is it being logged where is it being stored who has access to it and so forth because all those pieces of information are going to determine how you best protect that data and also some have medical data about individuals that now you may fall under the HIPAA aspect of this do you have proprietary information that is stuck with the Chinese Cyber Law where you have to consider important data and that data has to reside within China or has reside Someplace Else But at the minimum you have to keep that information yet to know that information is going so again it's all about the data and it's all about protecting that information so information security so that's what it's about all the information that you create use or store is the overall broad-brush of information security Now definition that the US government is come up with is it's the protection of information and information systems of keywords systems from unauthorized access use disclosure disruption modification or destruction in order to provide confidentiality integrity and availability okay you'll hear more about the confidentiality integrity and availability is the CIA triangle right not the Bermuda Triangle but the CIA triangle dadaism confidentially keeping protecting the Integrity of the data is the data available and so forth and that is what the definition of information security is from a large standpoint the who and what does it Encompass so we're talking about did they didn't the people now if you if you have a business and you dealt with this before you know that this data has gone from being in the past basically pieces of paper records that are sitting in a file cabinet somewhere 1000 Nasir ver in a day sitting in your office but now those servers are sitting within the cloud and the point behind that is his now that data is no longer in your physical possession that date is in somebody else's possession the Datacenter could be within the United States could be within different country is all different places and you have to really understand where that data is going especially that deals with people porches in the European Union you got to know where they're there you people's data goes from the European Union important you have that they also the processes so what are the things that make your business work your mission you Vision your training or automation but the process is behind the data do you have scripts that are running in the background that take your data and they put it someplace else are you familiar with what's being sent there being protected in transit as it goes from point A to point B is it important to you care maybe not I get it comes out of the risk of your company how much about your data and if it got compromised me so what it's not that big of a deal however you may need to ask yourself is it an important thing for you to keep and if you do know you about your data you may also when they consider about your data is just because you think at one point in time your data isn't as important as it could be an overtime laws change and I've lost something that you had in your mental model your brain thinking a because businesses are changing countries are changing weren't you to stay abreast of all of those potential changes that changes four times in the past period time cuz it changed complex when technology were talking about the iot aspect of it solution it could be from anything that deals with just data that's a script that's running off of a power plant that dumps data in the cloud and may go through three different countries it is getting dumped in those locations how does that going to play now if your small business you're probably on I got a couple of servers and no big deal I got all kinds of things but I have no idea how they talk to each other just some it guy stood up and is in business you can't put your head in the sand think about that it's just not going to affect me and my it guy should have it unfortunately it's a tragedy of the common situation where your it guys thinks will hey the senior leaders they run the company they know how this business Works they're going to tell me if I need something the it guys are the smart guys when it comes to technology jump though make sure that things are in place for us HR person is going why they called you guys have figured it out cuz I just want to work focus on what I know because all this cyber stuff is just confusing and it's just changing too fast there is no defense in the fact that you didn't know and that you weren't aware try that when you get a speeding ticket and see if the police officer says to you so who and what does it Encompass know what we talked about it's all about the data and the confidentiality integrity and availability where to get into though so we'll start with the first one and it's confidentiality is protecting information from unauthorized access and disclosure okay so it was an example we have out here on the screen how would that happen what how what would happen if the information such as using the password or credit card information was stolen okay so now keeping it but it gets breached it's gone so that you broke down a confidentiality of protecting my information now depending on where you live it could cost you a lot of money or could be no big deal so those are things going to have to be aware of Integrity protecting information from off unauthorized modification will be so how do you know that your CPA isn't making changes to your books and isn't modifying injecting with something different and new and cool at the movies make that up right what is a bigger thing that might affect the Titans somebody actually making modifications to the file that weren't supposed to have access to it may adding couple extra zeros or taking away all those things are basically it's affecting the Integrity of the document and or of the data and if you don't have proper Protections in place now you got to deal with that work on the red team at the end of the day it doesn't matter so back in 2002-2003 right after the 9/11 event that occurred right and that terrorist event that occurred what would happen was was the same group going to hack into the US Stock Market didn't actually do it with the moment that they made the comment that they were going to hack into the stock market it dropped 300 points immediately does that tell you it's psychological operations for a brief moment time people lost confidence in the data in 2018 the election system thinking the Russians have hacked into the system right guess what they probably have some level of influence within our network not just the election system is probably multiple places which we found with the electrical grid as well what does that do it causes people to have doubt in the system however it causes seed of doubt in people's mind on whether or not they did or they did not psychological operations that's all it really comes down to OK Google what does it Encompass it's again all about the date and availability preventing or disrupting on how you access information so what happens if you can't log into the system that you want to login to what you going to do about it now you're no longer available to get that information that you need that's on the systems availability it could be as simple as the servers down the network down or straight backhoe just cut the fiber out don't know the fact that you just can't even get into the room the login that simple what is information security and cyber-security businesses use information like we talked about the employee information tax all that information information cyber security Personnel security background checks of people you need to consider those things you also have to look at your operational security protecting your business plans and processes do you have a business is going to put in a new country Venezuela right Brazil and probably not been as well and you had this whole big plan set up and you're going to Corner the market in I don't know making toucan birds out of stray California you want to make this toucan out of straws and you got this perfect way to Corner the market security by protecting the business plans in the process for them so your business continuity Disaster Recovery what you going to do to keep your business operating and running in the event something goes bad can you keep your business going in the event that there's a tornado in the event there's a hurricane and your system goes down do you have a way to recover from that and keep your business operating in the event of a natural disaster could be as simple as a straight backhoe taking out your business in one Datacenter and you have the ability to roll over to another day Center plans in place to deal with that we talked about also physical security on the protection of property you have fences around there you have cameras you have badge cards to get in there all of those systems your privacy protecting of personal information the country you live in it may or may not be something that they can beat that can occur during the European Union that's probably a strong possibility if you're in the Chinese in the country of China then guess what that's a really high that your personal privacy isn't really that personal it's probably more from somebody else they want to protect at the other day that the state has your data security protection of electronic data are property again lack of energy note to put in there but that's a protection of electronic data or property information security covers all of these aspects your physical security privacy so on so forth

Stay connected with news and updates!

Join our mailing list to receive the latest news and updates from our team. You'r information will not be shared.

Close

Don't you want to pass the CISSP....the FIRST time?

Get my FREE CISSP training videos (Domains 1 - 4) so I can show you how to pass the CISSP Exam...the FIRST time! .