
What Are the Cyber Security Sub-Branches?


Cyber Security is a general concept that refers to a set of practices to ensure the security of computers, networks, mobile devices, electronic systems, and data. Today, we are going to cover the cyber security sub-branches. Terms such as Information Security Management and Security of Electronic Systems are also used to address cyber security practices.

Cyber Security itself is a sub-branch of Information Systems and its importance and popularity are increasing every year with the increasing number of security breaches and hacking news.

In literature, cyber security has 6 main sub-branches. Although you may find different classifications published by some institutions, organisations, and documentation, they are basically the same classification with fancy names.

These sub-branches, each of which we have discussed in detail in the previous sections, include:

  • Network Security
  • Software/Application Security
  • Information Security
  • Operational Security
  • Disaster Recovery and Business Continuity
  • End-User Training

What Is Network Security?

Network security is a general concept that protects digital assets including network traffic while defining tools, strategies, and security policies designed to monitor, prevent, and respond to intrusive network attacks.

It covers the hardware and software technologies (including resources such as expert security analysts, hunters, incident responders, etc.) and responds to all potential threats targeting a specific network. In other words, it is a cyber security practice that helps you keep people with bad intentions away from your sensitive data.

Network security keeps hackers who are trying to exploit vulnerabilities away from your systems. There are three main elements that every network security practice must cover:

  • Protection
  • Intrusion Detection
  • Intrusion Prevention or Response

Protection requires any tool or policy designed to prevent malicious people from gaining unauthorized access to your network.

Intrusion Detection refers to the resources that allow you to analyze network traffic and quickly identify problems before they lead to any damage.

Intrusion Prevention or Response is the ability to react to the detected threats and provide permanent solutions to them as quickly as possible.

What Is Software/Application Security?

Software/Application Security is one of the cyber security sub-branches. It is the practice of making software or applications more secure by questioning, improving, and developing security systems and measures.

In general, most of these practices are performed in the development stage. However, it is important to keep protecting the software or applications after their launch. In recent years, Software/Application Security has become one of the most popular cyber security practices, since hackers have started to target software and applications more.

Most Common Software/Application Vulnerabilities

According to the Common Weakness Enumeration list, some of the top vulnerabilities in software and applications include:

  • Cross-site scripting
  • Out-of-bounds write
  • Improper input validation
  • Out-of-bounds read
  • Improper restriction of operations within the bounds of a memory buffer
  • SQL injection
  • Exposure of sensitive information to an unauthorized actor
  • Use after free
  • CSRF – Cross-site request forgery
  • OS command injection

What Are Software/Application Security Tools?

Security testing tools are divided into several groups, and these groups are very helpful in deciding what you need to protect your software or application. These groups are:

  • Static Testing
  • Dynamic Testing
  • Interactive Testing
  • Mobile Testing

Static Testing analyzes the code during the code development process. This is a useful practice for developers because it ensures that security issues surface during development, while they are still coding.

Dynamic Testing analyzes the running or compilable code. This is useful since it can simulate attacks on production systems and reveal more complex attack patterns using a combination of systems. However, it is included in the process at a later stage in DevOps processes.

Interactive Testing combines the elements of both static and dynamic testing.

Mobile Testing is specially designed for mobile software and applications. It can examine how an attacker can exploit the mobile operating system and the applications running on it as a whole.

What Is Information Security?

Data is an important asset that includes information that is important for the organisation, and it must be protected in the best way. Information Security is a set of practices that ensure the data is protected from a wide range of threats in order to ensure the continuity of operations in the organisation, minimize disruptions in operation, and increase the benefits of investments.

Information is available in many forms: it may be written on a piece of paper, stored electronically, transmitted by post or email, or expressed orally between the users or employees.

Regardless of its form, information must be properly protected. This is only possible by ensuring three main elements:

  • Confidentiality
  • Integrity
  • Availability

Confidentiality can be defined as storing the data in a way that cannot be accessed by unauthorized people. In another sense, confidentiality is a set of practices that prevent the disclosure of information to unauthorized people.

Integrity is the protection of the information against threats of alteration, deletion, or destruction in any way by unauthorized people. In another sense, integrity can be defined as preventing the information from being corrupted accidentally or intentionally.

Availability refers to information that will be ready to use whenever it is needed. Accessibility of the information even in case of a problem is a requirement of availability. Administrators set this access according to the roles of the users. Every user must be able to access the information, which they have the right to access, only within the time period they are allowed or authorized to.

What Is Operational Security?

Operational Security is a set of practices that covers security and risk management processes to prevent any unauthorized access to sensitive information. Operational Security (OPSEC) includes both processes and strategies.

The sole goal in this cyber security practice is to view the operations and systems of an organisation from the perspective of an attacker. Thus, any vulnerabilities that can lead to the disclosure of sensitive or critical data will be identified and covered.

In general, it includes five steps:

  • Sensitive Data Identification
  • Possible Threat Identification
  • Vulnerability Analysis
  • Threat Level Identification
  • Threat Elimination

Sensitive Data Identification focuses on identifying the data stored on the systems of an organisation. In all kinds of organisations, sensitive data includes customer information, product research, financial statements, credit card data, or employee details.

Possible Threat Identification includes practices to identify the possible threats for the data determined by the Sensitive Data Identification step.

Vulnerability Analysis includes practices and tests to analyze the vulnerabilities identified in the previous step. It focuses on possible weaknesses and loopholes that attackers can exploit to gain any unauthorized access to sensitive data.

Threat Level Identification is ranking the identified vulnerabilities according to their importance level. Many factors are considered in this ranking, such as their likelihood of being the target of a possible attack, the possible damage they can cause when exploited, and the effort and time required to eliminate the vulnerability.

Threat Elimination covers all kinds of actions and plans to eliminate the possible threats one by one according to the ranking determined in the Threat Level Identification step.

What Is Disaster Recovery and Business Continuity?

These terms are also cyber security sub-branches. A disaster can be in any form including cyber attacks, power outages, equipment failures, and even natural disasters. Disasters are events bearing risks for the operations of the organisation. The goal in Disaster Recovery is ensuring Business Continuity under any condition.

This includes planning, testing, and creating a separate physical backup system for restoring operations. An emergency communication plan provides necessary arrangements for contact personnel and relevant emergency response personnel. Keeping this up to date is an important part of a disaster recovery strategy.

Although disaster recovery planning focuses on a disaster event that has not happened yet, it is important to develop and implement a strategy that protects your systems in advance.

What Are the Differences Between Disaster Recovery and Business Continuity?

People often use Disaster Recovery and Business Continuity concepts interchangeably. However, although they have similar meanings, they are not exactly similar concepts. Both Disaster Recovery and Business Continuity have a crucial role in a data protection strategy, and they have their own requirements and strategies.

Disaster Recovery focuses on an organisation’s recovery after a disruption or failure while Business Continuity focuses on keeping operations running when a disaster occurs. There are many elements to consider such as compliance requirements and protecting the reputation of the organisation for a good practice of Business Continuity.

Although something inevitable like a natural disaster means expected downtime, you need to minimize this downtime. If cyber attackers attack an organisation, it will suffer a major reputation loss and thus, the organisation must minimize the downtime.

Both Disaster Recovery and Business Continuity include planning not only for technical problems but also for physical problems. Although both concepts are very important for organisations, Business Continuity is considered to be slightly more important than Disaster Recovery.

What Is End-User Training?

End-User Training is the training provided for the end-users of the systems to provide a better insight into cyber security. This training is gaining more and more importance with the increasing number of security breaches and hacking events.

The training covers topics about the issues that users should pay attention to in terms of information security. Experts also inform the users about how to stay safe in the electronic environment.

Any user who does not care about or neglects security practices can accidentally infect secure systems with malware.

Organisations need to provide this training for their end-users for the protection of the information and system.

As MS Cyber Security, we can provide you full protection and training to ensure the safety and security of your digital assets such as mobile devices, electronic systems, and data. You can contact us at any time to get information about future partnerships.

You can always contact us to get a free quote for one or more of these cyber security sub-branches we have provided in this guide.
