Understand the Language of Cybersecurity

When you first start working in or around cybersecurity, it can sound like people are speaking a foreign language. Like most of the IT industry, cybersecurity has a vocabulary of its own. We have all picked up the basic security terms while protecting our own personal data and information, but the deeper you go down the rabbit hole, the more technical things get.

Let’s go over some commonly used terms you’ll hear so you can talk the talk when it comes to cybersecurity.

Antivirus / Anti-malware

A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.1

Chief Information Security Officer (CISO)

A senior-level executive who’s responsible for developing and implementing an information security program which includes procedures and policies designed to protect enterprise communications, systems, and assets from both internal and external threats. The CISO may also work alongside the Chief Information Officer (CIO) to procure cybersecurity products and services and to manage disaster recovery and business continuity plans.

The CISO may also be referred to as the chief security architect, the security manager, the corporate security officer, or the information security manager, depending on the company’s structure and existing titles. If the CISO is also responsible for the overall corporate security of the company, including its employees and facilities, he or she may simply be called the Chief Security Officer (CSO).2

Continuous Monitoring

A risk management approach to cybersecurity that maintains an accurate picture of an agency’s security risk posture, provides visibility into assets, and uses automated data feeds to quantify risk, verify the effectiveness of security controls, and implement prioritized remedies.

Controls

Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.

Cybersecurity

The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.3

Cybersecurity Framework

An IT security framework is a series of documented processes used to define policies and procedures around the implementation and ongoing management of information security controls. These frameworks are basically a blueprint for building an information security program to manage risk and reduce vulnerabilities. Information security pros can utilize these frameworks to define and prioritize the tasks required to build security into an organization.4

Data Breach

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.5

Data Exfiltration

The unauthorized transfer of data from a computer, attached device, or network. Such a transfer may be manual and carried out by someone with physical access to a computer, or it may be automated and carried out through malicious programming over a network.

Data Loss Prevention

A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.6

Data Protection/Insider Threat

Data protection treats data as an asset with an assigned value: think of intellectual property, trade secrets, personally identifiable information (PII), personal health information (PHI), or credit card and financial information. This is the last layer of defense. Activities include data classification, data loss prevention (DLP), data masking, and de-identification.
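As an added example (not code from the original article), here is a small Python DLP check of the kind the Data Loss Prevention and Data Protection entries describe: it scans constructed outbound text for payment card numbers and US Social Security numbers, uses the Luhn checksum to discard digit runs that are not card numbers (an order number, a mistyped card), blocks the transfer when a match is confirmed, and produces a masked copy that keeps only the last four digits. The sample text, the regular expressions, and the masking rule are illustrative assumptions, not a particular product's logic.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample (not real data): an outbound ticket export that a DLP
# control inspects before it crosses the security boundary.
SAMPLE_OUTBOUND = (
    "Customer card 4111 1111 1111 1111, order 1234567890123, "
    "contact jane@example.com, SSN 123-45-6789, ref 4111-1111-1111-1112."
)

# 13 to 16 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
# US Social Security number in the common 3-2-4 layout.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(number: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, false for most
    other digit runs, which keeps order and reference numbers out of the findings."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> List[Tuple[str, str]]:
    """Return (kind, matched_text) for each confirmed sensitive value."""
    findings = []
    for m in CARD_RE.finditer(text):
        if luhn_valid(m.group()):
            findings.append(("card", m.group()))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", m.group()))
    return findings


def mask_value(value: str, keep_last: int = 4) -> str:
    """Data masking: keep separators and the last `keep_last` digits, star the rest."""
    digit_positions = [i for i, c in enumerate(value) if c.isdigit()]
    to_mask = set(digit_positions[:-keep_last])
    return "".join("*" if i in to_mask else c for i, c in enumerate(value))


def dlp_inspect(text: str) -> Dict[str, object]:
    """Block the transfer if sensitive data is found and return a masked copy
    that can be logged or forwarded safely."""
    findings = find_sensitive(text)
    masked = text
    for _, value in findings:
        masked = masked.replace(value, mask_value(value))
    return {"allow": not findings, "findings": findings, "masked": masked}


if __name__ == "__main__":
    result = dlp_inspect(SAMPLE_OUTBOUND)
    print("allow:", result["allow"])
    for kind, value in result["findings"]:
        print(f"  {kind}: {mask_value(value)}")
    print(result["masked"])
```

The Luhn step is what separates a usable DLP rule from a noisy one: a bare digit-run regex would also flag the 13-digit order number and the mistyped reference number, and analysts stop reading alerts that are mostly false positives.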

Endpoint Protection

Covers all manner of protection for the operating systems, applications, connections, and behavior of an endpoint such as a laptop, desktop, mobile device, or server. This is one of the last layers of defense. Activities include antivirus, anti-malware, operating system and application hardening, configuration management, email and web filtering, access control, patching, and monitoring.

Exposure

The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.7

Firewall

A capability to limit network traffic between networks and/or information systems.

Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.8

Governance

An umbrella term for a company’s posture towards governance, risk, and compliance: the rules of the road and the guidance the company follows. These activities are foundational and give meaning and direction to security policies and procedures, training and awareness, risk and vulnerability assessment, and penetration testing. They also provide metrics showing where the company sits on a risk and maturity scale, and trends showing its progress.

Incident

An occurrence that actually or potentially results in adverse consequences to, has adverse effects on, or poses a threat to an information system or the information that the system processes, stores, or transmits, and that may require a response action to mitigate the consequences.

Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.9

Incident Response

Activities related to how an organization prepares, trains, and coordinates its response to suspected or confirmed security incidents that have a material impact on the corporate business strategy, its employees, or its business partners. Incident response in action includes monitoring, incident identification and triage, remediation, restoration, and recovery activities (designed to return the company to normal operations). In the SMB space, this may also include business continuity and disaster recovery.

Log Collection

Log collection is the heart and soul of a SIEM. The more log sources that send logs to the SIEM, the more can be accomplished with the SIEM.10

Log Management

The National Institute of Standards and Technology (NIST) defines log management in Special Publication 800-92 as “the process for generating, transmitting, storing, analyzing, and disposing of computer security log data.”

Log management is defining what you need to log, how it’s logged, and how long to retain the information. This ultimately translates into requirements for hardware, software, and of course, policies.11

Malware

Software that compromises the operation of a system by performing an unauthorized function or process.12

Synonym(s): malicious code, malicious applet, malicious logic

Multi-Factor Authentication (MFA)

A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.13

The National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation’s oldest physical science laboratories. The organization’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

Phishing

A digital form of social engineering to deceive individuals into providing sensitive information.14

Risk Assessment

The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.15

Risk Management

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Extended Definition: Includes 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.16

Security Information and Event Management (SIEM)

SIEM became the generalized term for managing information generated from security controls and infrastructure. It is essentially a management layer above your existing systems and security controls. SIEM connects and unifies information from disparate systems, allowing them to be analyzed and cross-referenced from a single interface.17
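An added example, not part of the original article, showing what “connects and unifies information from disparate systems” looks like in code, and why log collection from more sources (the Log Collection entry above) makes the SIEM more useful. Two constructed log formats, a firewall connection log and a syslog-style sshd auth log, are parsed into one common event schema and cross-referenced by source address, so a burst of login failures from an address the firewall also saw becomes a single correlated alert. The log formats, the failure threshold and window, and the year assumed for syslog timestamps (syslog omits it) are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real traffic) from two disparate sources that a
# SIEM would collect: a firewall connection log and a Linux auth log.
FIREWALL_LOG = """\
2024-03-01T10:00:01Z fw01 DENY TCP 203.0.113.9:51012 -> 10.0.0.5:22
2024-03-01T10:00:04Z fw01 ALLOW TCP 203.0.113.9:51013 -> 10.0.0.5:22
2024-03-01T10:00:30Z fw01 ALLOW TCP 198.51.100.7:40001 -> 10.0.0.8:443
"""

AUTH_LOG = """\
Mar  1 10:00:05 srv05 sshd[2311]: Failed password for root from 203.0.113.9 port 51013 ssh2
Mar  1 10:00:09 srv05 sshd[2311]: Failed password for root from 203.0.113.9 port 51013 ssh2
Mar  1 10:00:14 srv05 sshd[2311]: Failed password for admin from 203.0.113.9 port 51013 ssh2
Mar  1 10:00:40 srv08 sshd[2399]: Accepted publickey for deploy from 198.51.100.7 port 40001 ssh2
"""

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) \w+ "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)
AUTH_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>[\d.]+)"
)


def parse_firewall(text):
    """Normalize firewall lines into the common event schema."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue  # skipped here; a real SIEM would count unparsed lines
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "source": "firewall",
            "host": m["host"],
            "src_ip": m["src"],
            "outcome": m["action"].lower(),          # allow / deny
            "detail": f"{m['dst']}:{m['port']}",
        })
    return events


def parse_auth(text, year=2024):
    """Normalize syslog-style sshd lines; syslog omits the year, so it is assumed."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                                    "%Y %b %d %H:%M:%S"),
            "source": "auth",
            "host": m["host"],
            "src_ip": m["src"],
            "outcome": "failure" if m["result"] == "Failed" else "success",
            "detail": m["user"],                      # account that was targeted
        })
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Cross-reference the unified events by source address: one alert per
    address with `threshold` login failures inside `window`, enriched with
    what the firewall saw from the same address."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        failures = sorted(e["ts"] for e in evs if e["outcome"] == "failure")
        burst = any(
            failures[i + threshold - 1] - failures[i] <= window
            for i in range(len(failures) - threshold + 1)
        )
        if not burst:
            continue
        alerts.append({
            "src_ip": ip,
            "failed_logins": len(failures),
            "targets": sorted({e["detail"] for e in evs if e["source"] == "auth"}),
            "firewall_events": len([e for e in evs if e["source"] == "firewall"]),
            "hosts": sorted({e["host"] for e in evs}),
        })
    return alerts


if __name__ == "__main__":
    unified = parse_firewall(FIREWALL_LOG) + parse_auth(AUTH_LOG)
    for alert in correlate(unified):
        print(alert)
```

Neither source alone tells the whole story: the firewall only knows that a connection to port 22 was allowed, and the auth log only knows that passwords failed. Unifying them under one schema is what lets a single query answer “which addresses that reached SSH through the firewall then failed to log in repeatedly, and on which hosts?”.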

Security Operations Center (SOC)

A security operations center (SOC) is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes.18

Single Sign-On (SSO)

Single sign-on (SSO) is a session and user authentication service that permits an end user to enter one set of login credentials (such as a name and password) and be able to access multiple applications.19

Weakness

A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.20

Now that you have a better understanding of cybersecurity terms and phrases you’ll hear around the industry, share them with your customers so you’ll start speaking a common language.

References

1, 3, 5, 6, 7, 8, 9, 12, 14, 15, 16, 20 Explore Terms: A Glossary of Common Cybersecurity Terminology
Retrieved from https://niccs.us-cert.gov/about-niccs/glossary

2 Rouse, M (December 2016) CISO (Chief Information Security Officer) 
Retrieved from https://searchsecurity.techtarget.com/definition/CISO-chief-information-security-officer

4 Granneman, J (May 2019) Top 7 IT Security Frameworks and Standards Explained
Retrieved from https://searchsecurity.techtarget.com/tip/IT-security-frameworks-and-standards-Choosing-the-right-one

10 Constantine, C (December 2018) Standards and Best Practices for SIEM Logging 
Retrieved from https://www.alienvault.com/blogs/security-essentials/what-kind-of-logs-for-effective-siem-implementation

11 Torre, D (October 2010) What Is Log Management and How to Choose the Right Tools 
Retrieved from https://www.csoonline.com/article/2126060/network-security-what-is-log-management-and-how-to-choose-the-right-tools.html

13 Rouse, M (March 2015) Multifactor Authentication (MFA) 
Retrieved from https://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA

17 Constantine, C (March 2014) SIEM and Log Management—Everything You Need to Know but Were Afraid to Ask, Part 1 
Retrieved from https://www.alienvault.com/blogs/security-essentials/everything-you-wanted-to-know-about-siem-and-log-management-but-were-afraid

18 Lord, N (July 2015) What Is a Security Operations Center (SOC)? 
Retrieved from https://digitalguardian.com/blog/what-security-operations-center-soc

19 Rouse, M (June 2019) Single Sign-On (SSO) 
Retrieved from https://searchsecurity.techtarget.com/definition/single-sign-on


How MSPs Can Reduce Their Security Risk

While technology improves our lives in so many ways, it certainly isn’t free from drawbacks. And one of the biggest drawbacks is the risk of cyberattacks—a risk that’s escalating every day.

To reduce the increasing risk of cyberattacks—to your customers and your MSP business—it’s essential to put protocols in place to strengthen your internal security (we often refer to this as ‘getting your house in order’) and protect your clients. The truth is, your customers automatically assume that security is integrated into the price of their contract. That means you need to educate them on the subject, or risk falling short of their (potentially unrealistic) expectations.

What’s more, this is a prime opportunity to offer additional services—and increase revenue.

“You don’t want to deliver security services and not have the client invest in those services,” explains George Mach, Founder and CEO of Apex IT Group. “It would impact your MSP in a negative way.”

In our Path to Success Security Spotlight, I sat down with George Mach to discuss how you can define, identify, and reduce your level of risk, and boost revenue as a result. Here are just a few of our tips.

Understand Your Risk

The first step to reducing risk and providing Security-as-a-Service is understanding the current state of your MSP’s security.

“If you don’t know your own gaps or have good security hygiene in your own MSP, it’s really hard to deliver world-class security services to your client,” Mach says.

As an MSP, you have access to a wealth of sensitive information about your clients, including their passwords, addresses, and names. As such, it’s crucial that your MSP is fully protected. Even the smallest data breach could cause your clients to lose trust in you—damaging your reputation and costing you their business.

Trust, Train & Protect Your House

To protect your MSP (and by extension, your clients), Mach recommends following three simple steps.

First, make sure that you only hire trustworthy people. Of course, it isn’t always easy to spot a wolf in sheep’s clothing, but there are a few measures you can take to safeguard your organization against harmful presences. During the hiring process, this could include conducting a background check and verifying a candidate’s education and employment history. You can also consider creating new onboarding policies and asking employees to sign agreements that go on file, holding them accountable to specific standards.

Secondly, it’s important to train everyone at your organization about how to detect potential scammers—including staff in non-technical positions. As part of this training, you may also want to conduct a security skills assessment and record that it has taken place. That way, should the worst happen and a client decides to sue following a security breach, you can prove the measures your company took to try and prevent it—helping protect your reputation.

“The goal is to be in a defensible position if something were to happen,” Mach says.

Thirdly, it’s essential to enforce technical, physical, and administrative controls at your organization. Firewalls and endpoint protection are a must. Investing in swipe cards or biometric scanners can also help you strengthen your protection by helping you identify every person who enters your building. And to reduce your legal risk, don’t overlook the importance of nondisclosure agreements (NDAs) and business associate agreements (BAAs).

Follow the Framework

Once you’ve increased security at your MSP, you can start thinking about how to offer Security-as-a-Service. Following the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework is a good place to start. Its five core functions are: identify, protect, detect, respond, and recover.

By organizing your service around these functions, your company can turn secure protection into a competitive advantage. But that’s only possible if you communicate it properly to your clients.

Throughout conversations with your clients, it’s crucial to gain an understanding of their security priorities and the metrics they use to determine their success. Once you’ve identified these factors, you can establish risk thresholds that are closely aligned with your client’s risk tolerance.

Benchmarking your clients’ level of risk against industry standards and using a weighted scoring system to rank it from high to low can make it easier to communicate the value of your services to them—and the impact you’ll have on their business.

Measure Risk Reduction—Then Market It

You can use two approaches to measure risk reduction.

The quantitative approach, which is more technical, considers a server’s asset value, its exposure factor (which takes into account how often the server is left unattended and whether that server is in a protected environment), and the loss expectancy, which is related to the rate of occurrence of various risks. Taking all these factors into account, you can more accurately price your services—and your clients can make a more informed decision about whether to live with the risk or do something to mitigate it.

The qualitative approach is less complex. It uses available data to calculate the likelihood of a risk. You can then suggest countermeasures to ensure protection.
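An added worked example (not from the article) of the two approaches in Python. The quantitative part uses the standard single loss expectancy and annualized loss expectancy formulas (SLE = asset value × exposure factor; ALE = SLE × annual rate of occurrence), which the article refers to but does not spell out, and shows how a countermeasure’s yearly cost compares with the expected loss it avoids. The qualitative part is the weighted scoring the article mentions for ranking risk from high to low. The criteria, weights, bands, and every figure in the sample register are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class QuantitativeRisk:
    """Inputs of the quantitative approach for one asset and one threat."""
    asset_value: float        # AV: what the asset is worth (currency units)
    exposure_factor: float    # EF: fraction of AV lost in a single incident (0..1)
    annual_rate: float        # ARO: expected incidents per year

    def single_loss_expectancy(self) -> float:
        return self.asset_value * self.exposure_factor          # SLE = AV * EF

    def annual_loss_expectancy(self) -> float:
        return self.single_loss_expectancy() * self.annual_rate  # ALE = SLE * ARO


def countermeasure_value(before: QuantitativeRisk, after: QuantitativeRisk,
                         annual_cost: float) -> float:
    """Positive when the control avoids more expected loss per year than it costs;
    negative means the client may rationally choose to live with the risk."""
    return before.annual_loss_expectancy() - after.annual_loss_expectancy() - annual_cost


# Qualitative approach: weighted scoring to rank risks from high to low.
# Assumed criteria and weights (they must sum to 1); each criterion is rated 1..5.
WEIGHTS = {"likelihood": 0.5, "impact": 0.3, "exposure": 0.2}


def weighted_score(ratings: Dict[str, int]) -> float:
    """Weighted average of the 1..5 ratings, so the result is on the same 1..5 scale."""
    if set(ratings) != set(WEIGHTS):
        raise ValueError(f"ratings must cover exactly {sorted(WEIGHTS)}")
    return round(sum(WEIGHTS[k] * ratings[k] for k in WEIGHTS), 2)


def risk_band(score: float) -> str:
    """Assumed bands for communicating the ranking to a client."""
    return "high" if score >= 4.0 else "medium" if score >= 2.5 else "low"


def rank_risks(risks: Dict[str, Dict[str, int]]) -> List[Tuple[str, float, str]]:
    """Return (name, score, band) tuples, highest risk first."""
    scored = []
    for name, ratings in risks.items():
        score = weighted_score(ratings)
        scored.append((name, score, risk_band(score)))
    return sorted(scored, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    # Constructed figures for one client file server (assumptions, not data from the article).
    current = QuantitativeRisk(asset_value=50_000, exposure_factor=0.6, annual_rate=0.5)
    with_control = QuantitativeRisk(asset_value=50_000, exposure_factor=0.2, annual_rate=0.25)
    print(f"SLE now: {current.single_loss_expectancy():,.0f}  "
          f"ALE now: {current.annual_loss_expectancy():,.0f}")
    print(f"ALE with control: {with_control.annual_loss_expectancy():,.0f}")
    print(f"Net value of a 4,000/yr control: "
          f"{countermeasure_value(current, with_control, 4_000):,.0f}")

    sample_register = {
        "unpatched VPN appliance": {"likelihood": 5, "impact": 5, "exposure": 3},
        "lost laptop (disk encrypted)": {"likelihood": 3, "impact": 2, "exposure": 4},
        "printer on guest VLAN": {"likelihood": 1, "impact": 2, "exposure": 2},
    }
    for name, score, band in rank_risks(sample_register):
        print(f"{band:6} {score:.2f}  {name}")
```

With the constructed figures, the server’s ALE falls from 15,000 to 2,500 per year, so a control costing 4,000 per year nets 8,500 of avoided loss; the same arithmetic with a 20,000 control comes out negative, which is the evidence-backed case for living with the risk. The weighted score gives the client the high/medium/low ranking the article describes while keeping the ratings behind it visible.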

Whichever approach you choose, explaining your findings and suggested solutions in layman’s terms and backing up your claims with evidence helps to build trust with your clients.

It’s this trust that will persuade clients to invest in your security service—and remain satisfied customers for years to come.


This article was provided by our service partner: ConnectWise.