Security is never a 100% game. However, the security dilemma is that hackers only have to get it right once while the security team has to get it right every time. The Six Principles of Cyber Security are best practices that guide IT and management through the process of being one-step ahead of the threat in today’s world. Network security used to be achieved by scanning network traffic on various OSI layers. Classic firewalls scan up to OSI layer 4 and from there, web application fi rewalls take over and scan up to application layer (OSI Layer 7). The introduction of new technology enabled the evolution of new, intelligent bots that show “humanistic” behaviour. If you still use a username and password to access your systems you should seriously consider moving to an advanced access management solution. In today’s world, a combination of username and password is no longer secure enough. Instead, so-called multi-factor–authentication (MFA) is the way forward. The principle is to use at least two independent authentication methods, e.g. username and password, plus a second authentication method such as a PIN, TAN, SMS, or simply an app on your smartphone. The second aspect of an advanced access management is to log any access to your systems. There are several systems in the market that perform logging, analysis and alerting all in one solution. Sophisticated solutions again use machine learning and pattern recognition to detect unusual behavior and automatically send out alerts. In addition to security measures on the network, most systems are secured with an antivirus solution. In days of cyber-attacks this is also no longer enough. Enhanced application security consists of two additional measures: One of the most important cyber security principles is to identify security holes before hackers do. Trusted Attack Simulation, simulates attacks from outside and inside your IT, and gives you a report that identifies potential security holes in your IT. Today you have to assume that your data can be stolen, both when it is in transit, or directly from your servers and storage, where the data is at rest. The data encryption principle addresses two stages of encryption: Last, but not least, any company that uses IT be it from internal sources, a cloud, or any third party provider, needs to develop its Compliance Business Framework (CBM) for security. Here you articulate your security policies, principles and guidelines for the entire company.Security beyond Firewall
Additionally, good bots like Google crawlers, are approaching websites to increase your company’s value in the internet. Instead of looking for suspicious data new systems have learned to look for suspicious patterns of traffic to identify and protect against fraud.
Through machine learning and day-to-day engineering, these new solutions allow blocking of bad bots while passing through good bots. These solutions extend network security beyond pure traffic scanning into pattern recognition.Advanced Access Management
With an advanced access management solution, you will know at any time who enters your IT and you will have the keys under constant control.Enhanced Application Security
1) security driven release management, where applications, related patches, and service packs are updated for security reasons and not for new functionality and;
2) pattern recognition in the application that allows for automatic detection of suspicious behavior. Most of these systems come with a machine learning code.Trusted Attack Simulation
Internal attack simulation is as important as external attack simulation. Only if you assume a hacker can sit inside your management network you will introduce the correct measures. You are on the right track if you are able to give a hacker access to your internal network and still feel safe.Data Encryption
1) Encryption in Transit (EIT) and
2) Encryption At Rest (EAR).
Only after data is encrypted at both stages, EIT and EAR, data is secure and it is much harder to derive information from it if stolen any.Compliance Business Framework
Mostly the CBM is linked to other compliance policies such as ISO9001, ISO27001 and so forth. However, the CBM policy should be developed around your specifi c security need and it is the responsibility of the Security Officer to maintain and ensure it is correctly implemented and maintained.
The Six Principles of Cyber Security (2024)
Table of Contents
Security beyond Firewall
Advanced Access Management
Enhanced Application Security
Trusted Attack Simulation
Data Encryption
Compliance Business Framework
Top Articles
Learn Dutch: language courses, tips, and tools
Behaviour: Debriefing and Post-Incident Support - Challenging Behaviour
Latest Posts
Qualities of a Good Manager: 13 Soft Skills You Need
Cyber Security Resume Examples and Tips to Get You Hired
Article information
Author: Amb. Frankie Simonis
Last Updated:
Views: 6035
Rating: 4.6 / 5 (76 voted)
Reviews: 91% of readers found this page helpful
Author information
Name: Amb. Frankie Simonis
Birthday: 1998-02-19
Address: 64841 Delmar Isle, North Wiley, OR 74073
Phone: +17844167847676
Job: Forward IT Agent
Hobby: LARPing, Kitesurfing, Sewing, Digital arts, Sand art, Gardening, Dance
Introduction: My name is Amb. Frankie Simonis, I am a hilarious, enchanting, energetic, cooperative, innocent, cute, joyous person who loves writing and wants to share my knowledge and understanding with you.