What is Cybersecurity?

Sam.F

Involved In Discussions
Hi, I have many questions; hopefully I can write my questions and you guys can understand this one. I work in a metal manufacturing company that makes parts per customer prints. And I was promoted to Quality Mgr, and there are many things that I'm learning; cybersecurity has been mentioned in my emails from customers. Can someone tell me what cybersecurity is, and when and how we can be compliant to it? Is it something like ISO 9000? Are we going to be audited? What documentation do we have to have? Thank you very much, guys.
 

Funboi

On Holiday
Cyber security is one part of information security. Organizations are being asked how they keep information - customer information, intellectual property etc. - secure from theft, including through computer access, etc. You will have likely heard of organizations being held to ransom because their computers were “hacked”.

There is a standard which defines requirements for an Information Security Management System - which is like ISO 9001 in many ways. It’s known as ISO/IEC 27001. Your organization can be certified.
 

Tidge

Trusted Information Resource
An easy way to consider the general topic of Cybersecurity is to use the CIA paradigm:
  • Confidentiality, which is the area of information and intellectual property with a general failure mode involving "theft"
  • Integrity, which is the area concerned with the systems doing their assigned tasks the way they have been developed to, with the general failure mode involving "manipulation"
  • Availability, which is the area concerned with keeping the systems ready for use, with the general failure mode involving "can't use"
There are a lot of directions that the conversation can go, but with the CIA paradigm in mind it is possible to not lose sight of the bigger picture, no matter what industry is of concern.
 

Cari Spears

Super Moderator
Leader
If your company is doing defense work, your customers are likely concerned with your compliance to NIST 800-17 per DFARS 252.204-7012, and the long anticipated release of Cybersecurity Maturity Model Certification CMMC 2.0.

In our company, our IT manager is responsible for any cybersecurity compliance - so I forward anything to do with cybersecurity directly to him.
 

Sam.F

Involved In Discussions
> Cyber security is one part of information security. Organizations are being asked how they keep information - customer information, intellectual property etc. - secure from theft, including through computer access, etc. You will have likely heard of organizations being held to ransom because their computers were “hacked”.
>
> There is a standard which defines requirements for an Information Security Management System - which is like ISO 9001 in many ways. It’s known as ISO/IEC 27001. Your organization can be certified.

Thank you, do we have to be certified to ISO/IEC 27001 if we are doing work with defence?
 

Sam.F

Involved In Discussions
> If your company is doing defense work, your customers are likely concerned with your compliance to NIST 800-17 per DFARS 252.204-7012, and the long anticipated release of Cybersecurity Maturity Model Certification CMMC 2.0.
>
> In our company, our IT manager is responsible for any cybersecurity compliance - so I forward anything to do with cybersecurity directly to him.

Thank you, is there a date that we have to be compliant to cybersecurity? I heard you are graded on a government website, and I heard lots of companies are in the negative percentage.
 

blackholequasar

The Cheerful Diabetic
> If your company is doing defense work, your customers are likely concerned with your compliance to NIST 800-17 per DFARS 252.204-7012, and the long anticipated release of Cybersecurity Maturity Model Certification CMMC 2.0.
>
> In our company, our IT manager is responsible for any cybersecurity compliance - so I forward anything to do with cybersecurity directly to him.

Our company is just now doing work towards CMMC. We have been operating our ERP off of a virtual machine that runs Windows XP because it's no longer supported... so that's the FIRST thing that has to go! We deal with ITAR and it is critical that our security is in place but it's been a long and arduous process.
 

Sidney Vianna

Post Responsibly
Leader
Admin
> Can someone tell me what is cybersecurity

Imagine you get to work on a Monday morning and, after turning your computer on, you realize that you can’t log on to your network, just like everybody else in the company. Can’t access emails, jobs or anything else. The whole company is shut down because the server was hijacked via malware when someone in sales (it is always sales) clicked on a suspicious link in an email. Now the hackers want $209,000 in bitcoins as ransom to stop the hijacking and the owner doesn’t want to pay. Far-fetched, you think? It happens every week with hospitals, businesses, banks, even nonprofit organizations.

Now also imagine the FBI raids the place on a Wednesday afternoon because one of your clients got a hold of one of their proprietary military designs being sold on the dark web and the IP address of the seller resolves to your server.
Examples of cyber crimes abound endlessly with a world going more and more digital every day.

If an organization is not living under a rock, they should be educating themselves on all the risks associated with data.
 