What Is Cyber Security? Definition & Best Practices

What is Cyber Security? Definition and Best Practices


Find out everything you need to know about protecting your organisation from cyber attacks.

Cyber security definition

Cyber security is the application of technologies, processes, and controls to protect systems, networks,
programs, devices and data from cyber attacks.

It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems,
networks, and technologies.

Why is cyber security important?

The costs of cyber security breaches are rising.
Organisations that suffer cyber security breaches may face significant fines
(https://www.itgovernance.co.uk/dpa-and-gdpr-penalties). There are also non-financial costs to be
considered, like reputational damage.

Cyber attacks are increasingly sophisticated.
Cyber attacks continue to grow in sophistication, with attackers using an ever-expanding variety of tactics.
These include social engineering (https://www.itgovernance.co.uk/social-engineering), malware
(https://www.itgovernance.co.uk/malware-protection) and ransomware
(https://www.itgovernance.co.uk/ransomware).

Cyber security is a critical, board-level issue.
New regulations and reporting requirements make cyber security risk oversight a challenge. The board needs
assurance from management that its cyber risk strategies
(https://www.itgovernance.co.uk/cyber-security-risk-management) will reduce the risk of attacks and limit
financial and operational impacts.

Cyber crime is a big business.
According to a study
(https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf) by McAfee and
the CSIS, based on data collected by Vanson Bourne, the world economy loses more than $1 trillion each year
due to cybercrime. Political, ethical, and social incentives can also drive attackers.

Who needs cyber security?

It is a mistake to believe that you are of no interest to cyber attackers. Everyone who is connected to the
Internet needs cyber security. This is because most cyber attacks are automated and aim to exploit common
vulnerabilities rather than specific websites or organisations.

For consumers

Security in the Digital World (/shop/product/security-in-the-digital-world)
This must-have guide features simple explanations, examples and advice to help you be security-aware online
in the digital age.

For organisations

Cyber Security: Essential principles to secure your organisation – a pocket guide
(/shop/product/cyber-security-essential-principles-to-secure-your-organisation-a-pocket-guide)
This pocket guide takes you through the fundamentals of cyber security, the principles that underpin it,
vulnerabilities and threats, and how to defend your organisation against attacks.

Types of cyber threats


Common cyber threats include:

Malware, such as ransomware, botnet software, RATs (remote access Trojans), rootkits and bootkits,
spyware, Trojans, viruses, and worms.
Backdoors, which allow remote access.
Formjacking, which inserts malicious code into online forms.
Cryptojacking, which installs illicit cryptocurrency mining software.
DDoS (distributed denial-of-service) attacks, which flood servers, systems, and networks with traffic
to knock them offline.
DNS (domain name system) poisoning attacks, which compromise the DNS to redirect traffic to
malicious sites.

Learn more about the cyber threats you face, the vulnerabilities they exploit and the types of attacks that cyber
criminals use to deliver them (https://www.itgovernance.co.uk/cyber-threats)

What are the five types of cyber security?

1. Critical infrastructure cyber security


Critical infrastructure organisations are often more vulnerable to attack than others because SCADA
(supervisory control and data acquisition) systems often rely on older software.

Operators of essential services in the UK’s energy, transport, health, water and digital infrastructure
sectors, and digital service providers are bound by the NIS Regulations
(https://www.itgovernance.co.uk/nis-directive).

The Regulations require organisations to implement appropriate technical and organisational measures to
manage their security risks.

2. Network security
Network security involves addressing vulnerabilities affecting your operating systems and network
architecture, including servers and hosts, firewalls and wireless access points, and network protocols.

3. Cloud security
Cloud security (https://www.itgovernance.co.uk/cloud-security) is concerned with securing data,
applications, and infrastructure in the Cloud.

4. IoT (Internet of Things) security


IoT security involves securing smart devices and networks connected to the IoT. IoT devices include things
that connect to the Internet without human intervention, such as smart fire alarms, lights, thermostats,
and other appliances.

5. Application security
Application security involves addressing vulnerabilities resulting from insecure development processes in
designing, coding, and publishing software or a website.

Cyber security vs information security


Cyber security is often confused with information security (https://www.itgovernance.co.uk/infosec).
Cyber security focuses on protecting computer systems from unauthorised access or being otherwise
damaged or made inaccessible.
Information security is a broader category that protects all information assets, whether in hard copy or
digital form.

The legal requirement for cyber security


The GDPR (https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation) and DPA
2018 (https://www.itgovernance.co.uk/dpa-2018) require organisations to implement appropriate security
measures to protect personal data. Otherwise, you risk substantial fines
(https://www.itgovernance.co.uk/dpa-and-gdpr-penalties).

Cyber security is a critical business issue for every organisation.

Challenges of cyber security


Mitigating the cyber security risks facing your organisation can be challenging. This is especially true if you
have moved to remote working and have less control over employees’ behaviour and device security.

Learn more about remote working and cyber security
(https://www.itgovernance.co.uk/remote-working-and-cyber-security)

An effective approach must encompass your entire IT infrastructure and be based on regular risk assessments.

Learn more about cyber security risk assessments
(https://www.itgovernance.co.uk/cyber-security-risk-assessments)

What are the consequences of a cyber attack?


Cyber attacks can cost organisations billions of pounds and cause severe damage. Impacted organisations
stand to lose sensitive data and face fines and reputational damage.

Learn more about cyber crime and how it affects you (https://www.itgovernance.co.uk/cyber-crime)

Learn about the cyber threats you face (https://www.itgovernance.co.uk/cyber-threats)

Managing cyber security


Effective cyber security management must come from the top of the organisation.

A robust cyber security culture, reinforced by regular training
(https://www.itgovernance.co.uk/cybersecurity-training), will ensure that every employee recognises cyber
security as their responsibility.

Good security and effective working practices must go hand in hand.

How to approach cyber security


A risk-based approach to cyber security will ensure your efforts are focused where they are most needed.

Using regular cyber security risk assessments (https://www.itgovernance.co.uk/cyber-security-risk-assessments)
to identify and evaluate your risks is the most effective and cost-efficient way of protecting your organisation.

Learn more about cyber risk management (https://www.itgovernance.co.uk/cyber-security-risk-management)

Cyber security checklist


Boost your cyber defences with these must-have security measures:

1. User education
Human error is the leading cause of data breaches. Therefore, you must equip staff with the knowledge to
deal with the threats they face.

Staff awareness training (https://www.itgovernance.co.uk/staff-awareness) will show employees how
security threats affect them and help them apply best-practice advice to real-world situations.

2. Application security
Web application vulnerabilities (https://www.itgovernance.co.uk/web-application-penetration-testing) are
a common point of intrusion for cyber criminals.

As applications play an increasingly critical role in business, it is vital to focus on web application security.

3. Network security
Network security is the process of protecting the usability and integrity of your network and data. This is
achieved by conducting a network penetration test
(https://www.itgovernance.co.uk/external-network-penetration-test), which assesses your network for
vulnerabilities and security issues.

4. Leadership commitment
Leadership commitment is key to cyber resilience (https://www.itgovernance.co.uk/cyber-resilience).
Without it, it is tough to establish or enforce effective processes. Top management must be prepared to
invest in appropriate cyber security resources, such as awareness training.

5. Password management
Almost half of the UK population uses ‘password’, ‘123456’ or ‘qwerty’ as their password. You should
implement a password management policy to guide staff to create strong passwords and keep them
secure.

Start your journey to being cyber secure today.


IT Governance has a wealth of security experience. For more than 15 years, we’ve helped hundreds of
organisations with our deep industry expertise and pragmatic approach.

All our consultants are qualified and experienced practitioners, and we can tailor our services for organisations
of all sizes.
Browse our wide range of cyber security solutions below to kick-start your project.

© 2003-2023 IT Governance Ltd | Acknowledgement of Copyrights Website & eCommerce by Xanthos