Cyber Security

Cyber security can be defined as the protection of an organisation’s data and assets through policy, risk management, software, tools, training, best practice and technologies. The remit of cyber security is the same as that of information security: protecting the confidentiality, availability and integrity (CIA) of corporate information assets.

Assets susceptible to cybercrime include devices capable of connecting to networks and the Internet, telecommunications, personnel, infrastructure, and any information sent or stored in the cyber domain. Cyber security aims to achieve and uphold the security of organisational and user assets against security threats in the cyber domain.

Cyber Security in Europe

In February 2013, a directive of the European Parliament proposed measures to ensure a high common level of network and information security across the European Union. The measures proposed aim to strengthen European cyber security efforts by creating a system for reporting security incidents.

A recent report commissioned by the Department for Business, Innovation & Skills (BIS) and conducted by PwC found that a large number of organisations in Europe experienced incidents of data corruption, infection by viruses and cyber attacks by unauthorised outsiders. The report shows that 74% of respondents in Europe were attacked by unauthorised outsiders, attacks which included hacking attempts. 66% said that they suffered systems failure or data corruption, and 65% had been infected by viruses or malicious software. 11 organisations stated that they experienced significant attempts to break into their company’s network hundreds of times a day.

Download our free Cyber Security: A Critical Business Issue Green Paper

This green paper contains an overview of Cyber Security and details how to apply effective cyber security measures.

Examples of notable data breaches in the EU:

  • 22/07/2014: European Central Bank (ECB) website hacked. Details of attendees of ECB events were leaked, including 20,000 email addresses, and a smaller number of telephone numbers and addresses.
  • 29/01/2014: European Jewish Press website hacked. Denial-of-service (DoS) attack.
  • 11/05/2013: Website of the Romanian National Authority for qualifications hacked. Administrator and user accounts breached.
  • 22/05/2013: XCount3r hacked Audi Switzerland. More than 2,000 accounts dumped.
  • 08/05/2013: Dutch government websites suffered DDoS. 10 million citizens unable to pay taxes and bills online.
  • 22/12/2012: Belgian railway company data breached. Internal error – inadvertently published 1.46 million sets of customer data online.
  • 26/12/2012: Renault Bulgaria hacked. 7,000 accounts, including administrative accounts and passwords, leaked.
  • 08/11/2012: UNESCO website hacked. 60 usernames and passwords leaked.

How is Europe coping with cyber threats?

EU member states and European institutions are protected by the European Union Agency for Network and Information Security (ENISA). ENISA’s role is to enhance cyber security and to respond to cyber security challenges across the European Union. The agency seeks to develop awareness of information security for the benefit of EU citizens, consumers, businesses and public sector organisations.

Although there is no overarching approach to cyber security in Europe, a number of countries have their own regional strategies in place to mitigate cyber threats.

Visit the ENISA website to view the cyber security strategies of each of the European Union member states.

Cyber Resilience

ISO 27001 has cyber resilience at its core. Cyber resilience is the resistance of organisations’ systems and processes to cyber attack or natural disaster.

The new 2013 final draft of ISO 27001 is now available. Buy now to get ahead in the updating process and prove your commitment to adhering to international best practice. Buy a copy of ISO/IEC 27001 today >>

The ISO 27000 family includes standards that set out best-practice methodologies for managing cyber resilience:

  • ISO/IEC 27001:2013, the specification for an information security management system (ISMS).
  • ISO/IEC 27002:2013, which details how to go about initiating, implementing, maintaining, and improving information security management within an organisation.
  • ISO/IEC 27031:2011, which deals with how organisations can ensure their IT processes and systems are prepared for business continuity should an incident occur.
  • ISO/IEC 27035:2011, which provides guidelines on how to cope should an information security incident occur.

Apply Cyber Security best practice

Our Cyber Security Governance & Risk Management Toolkit helps you integrate a number of cyber security approaches into a single framework. The toolkit lets you combine the individual strengths of the top cyber security approaches and get the best from each of them collectively.

  • PAS 555:2013, the new standard for cyber security risk governance and management.
  • ISO/IEC 27032, the international guidance standard for managing cyber security risk.
  • The Cloud Controls Matrix, developed by the Cloud Security Alliance for cloud service providers.
  • Ten Steps to Cyber Security, the methodology developed by the UK’s Department for Business to help organisations secure their cyber defences.
  • ISO/IEC 27001, the internationally recognised standard against which an information security management system can achieve accredited certification.

Find out more about the Cyber Security Governance & Risk Management Toolkit >>

IT Governance is a specialist in helping organisations with cyber security, cyber governance and cyber compliance. Find out more about our products and services here.
