Cyber Risk Management Information Security in South Africa

1. CYBER RISK MANAGEMENT: INFORMATION SECURITY IN SOUTH AFRICA You hear about hacking all the time today. Whether it's hacking to try to sway an election, or perhaps a retailer having millions of credit card numbers stolen, hacking and hack attempts are a daily occurrence. Here we discuss some of the important things companies should think about when planning for information security, including contingency plans if they are attacked. Hacking is growing and changing as fast as technology is changing. Because of the internet, computers are no longer isolated. Almost all of them are connected in some way and being connected means those computers are at risk. Hacking is changing, While there still might be a few teenagers out there playing around, hacking is now big business and often has governments at its core. Information security is not taken as seriously in some organizations as it should be. This leads to being even more at risk and making the potential payoff even higher for the hackers. Another factor that affects information security vulnerability is the Internet of Things. Almost everything in your home from your thermostat, baby monitor refrigerator, to your garage door all those can be connected to the internet through a smartphone. And if it can be connected to the internet it can also be hacked. Information Security South AfricaCyber Risk Management offer a solution to this problem by providing cyber security consulting services throughout the security life cycle, helping with strategy, planning, and ongoing program improvement. There are two main types of threats that organizations and companies need to take seriously. The first one is the unintentional threat. An unintentional threat is usually the result of carelessness. The second is an intentional threat. They include carelessness, somebody just leaving a computer around that gets stolen, opening a questionable email, clicking on the link and opening up a virus, careless internet surfing, poor password strength, and carelessness in the office. That could include leaving your office door open or putting sticky notes on your computer with all of your passwords listed there. Companies need policies and procedures to combat both of these threats. One of the hardest threats to prepare for is social engineering. Social engineering is the perpetrator getting people to think they are are somebody who they're not. This works with information security but it's also an issue when you check into a hotel and somebody calls you and says "hey we had a problem with your credit card we need to get that credit card information again". Social engineering is very difficult to avoid and very dangerous. One of the best ways to avoid this is through proper employee training. One another threat is a software attack. In a software attack is typically remote a attack but it requires that the user actually do something to install it on the computer. Some of these methods you've heard before. A virus is computer code that performs malicious actions by attaching itself to another computer program. A worm is computer code that performs malicious actions and will also replicate or spread by trying to infect other computers on the network. Phishing attacks use deception to try to acquire sensitive information about you, perhaps even your password by masquerading as an official-looking email. It might appear to be from the IRS or your bank. Spear phishing is a targeted attack. Before this attach the perpetrators try to find out as much information as they can about you and include that in the phishing email to appear to be a legitimate request for information. There are also software attacks that do not require the user to do anything. One of those is a denial-of-service attack In a denial-of-service attack the attacker send so many information requests to a web server that it actually crashes it. We mentioned threats coming from both inside and outside the organization and the software attacks on this slide are done by programmers inside the organizations. Programmers leave things on the program that they're developing that These might include a Trojan horse. That's a program that hides in the computer program and reveals itself later when it's activated by a specific date or time. A backdoor is a password that's only known by that the programmer. He or she leaves a way to get back in and access the data. Some of the specific things that companies and organizations can do include physical controls such as locks and making sure that the doors are locked. Badges and alarm systems and access control also help. Ensuring that only people that have the right password and authentication can actually get into the computer system helps. Communication controls include things like firewalls, anti-spyware systems anti-malware systems and encryption can help. When it comes right down to it information security is actually an individual responsibility. There are some things you can do to safeguard your information security and especially your privacy. One of those very simple things is just to use very strong passwords and change them often. But, don't put sticky notes on your computer with your passwords You might consider adjusting the privacy settings on your computer so that it doesn't send out so much information. You can also use anonymous settings on web browsers to protect your privacy. so, if you don't want to have your search history made available to all the advertisers that have cookies on your computer you can erase your google search history CALL AT: 0874700506 WWW.TRG.CO.ZA