CYBER SECURITY: CONFIDENTIALITY AND INTEGRITY OF THE DATA
New technologies entail the need to protect business data from tampering or intrusions.
Business data, together with hardware and software resources, represents an essential asset that the company must protect. Cyber security usually aims at five main objectives:
- Integrity of computer data.
- Confidentiality (or encryption), which means ensuring that only authorized users can access data.
- Data availability and proper functioning of the information system.
- Non-repudiation, i.e. the guarantee that no one will deny the transaction.
- Authentication of users to the system.
A cyber security system can be considered good only if every single factor is adequately designed and implemented, because one weak link in the chain can affect overall security.
This means that the company must take a holistic approach to the problem and must combine software security with users' awareness of how to manage the system correctly.
RULES AND STRATEGIC PROCEDURES
Cyber security can be distinguished into passive security and active security.
Passive security refers to defensive techniques and tools, in particular all those solutions that prevent unauthorized users from gaining access to resources and plants. Examples are the use of armored doors and the use of personal identification systems.
Active security includes those techniques and tools that protect confidential information from access and modification by unauthorized users. This category includes both hardware and software tools.
Passive and active security are complementary and both are essential to meet the desired level of security of a system.
Furthermore, privacy legislation places precise obligations on undertakings, including the obligation to prepare a specific Operational Security Plan (OSP) every year.
The ISO 27001:2005 standard provides appropriate ways to protect data and information from any kind of threat in order to ensure integrity, confidentiality and availability, and sets out the requirements that an adequate information security management system must meet.
This is why the first step is to define the corporate security policy, to be realised in 4 stages:
CYBER SECURITY PROCEDURES
A company's cyber security is based on employees' knowledge of the rules and on appropriate procedures and strategies:
- PROCEDURE FOR MANAGEMENT OF THE UPDATES
- PROPERLY PLANNED BACKUP STRATEGY
- RECOVERY PLAN FOLLOWING ACCIDENTS
- UPDATED DOCUMENTARY SYSTEM
P.M.F. staff have the right skills to support companies in implementing an adequate cyber security system, custom-designed according to each company's needs.