Recently I was given a blog assignment to address cybersecurity. “How hard can this be?” I thought. My first job out of college was at the National Security Agency (NSA) as a young IT worker. Then, I remembered that was in the 1980s when Russia was still one country and our primary enemy, home PCs were in their infancy, and I spent most of my time at NSA working in the logistics and supply chain arena. (The picture is of me with two fellow NSA employees, Chris and Chuck. Bet you feel better knowing the safety of the free world was once in our hands!) Obviously, my NSA background wasn’t going to help me here.
Being the technology-minded person I am, I went to my next great source. “Alexa! What is cybersecurity?”
Alexa responded, “Cybersecurity, computer security, or IT security is the protection of computer systems from the theft and damage to their hardware, software, or information, as well as from disruption or misdirection of the services they provide. Cybersecurity includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data, and code injection.”
That sounded more on the right track. However, realizing Alexa is probably not always a reliable or citable source, I chose to speak to one of our netlogx cybersecurity experts, Barbara Zenor. She explained that cybersecurity has evolved over time. Initially, it was primarily internal to a company. They had sensitive data and needed to control who within the company could access specific data elements. Then computer proliferation created a new threat – hackers and cyber-attacks. She pointed out that attacks can come from external sources, but also from internal sources. There is a need to provide:
- Physical security – controlling physical access to the computers and servers that store data and run an organization
- Application security – ensuring the programs and applications used to run a company’s business operations are free from viruses and other forms of attack
- Data security – a company’s lifeblood is often the data used to run the company, make strategic decisions, or provide a good or service to customers. The data must be protected
- Network security – companies often have internal networks in addition to external connections to the internet. Both present vulnerabilities to a company’s cybersecurity
Barbara also pointed me towards the U.S. Commerce Department’s National Institute of Standards and Technology, or NIST (www.nist.gov). This government-established group supports a proposed framework for increasing cybersecurity across the board for organizations. The site promotes an iterative process where the following steps are cycled to identify and address security concerns and issues: Identify, Protect, Detect, Respond, Recover.
The NIST framework includes processes and procedures, measures, and controls that can be scaled to fit an individual organization’s needs. While it was designed primarily to protect critical infrastructure systems, the concepts are universal and can be applied to any computer system. I was happy to hear that netlogx is positioned to help companies implement the NIST framework on a level that matches the customer’s current needs and abilities.
So, I realized that in this particular case, Alexa actually provided a decent summary. Of course, with my new cybersecurity awareness, I now feel the need to research if Alexa presents a cybersecurity threat… Anyways, for my part, I’ll be happy to be behind the scenes knowing people are working hard to protect my cybersecurity so I can focus on the work I love and can do best!