Cyber Security is a set of techniques and methodologies designed to protect information systems.
It is a vast topic, involving every element of an organisation that bases its business on IT and telematic architectures, and it grows increasingly complex with each technological breakthrough. The security of the information system is an essential requirement to ensure the reliability and efficiency of both the internal and the external services provided by the enterprise; its primary operational objective is protecting the data and the IT elements that manage them.
Protection of the data and of the associated elements can only be guaranteed by preserving their:
- confidentiality: it ensures that data can only be accessed by the people who are authorised to access them;
- integrity: it protects the completeness of the data and of the transfer methods;
- availability: it ensures that authorised users can access the data and the elements processing them when necessary.
Failure to ensure an appropriate level of data security, in terms of Confidentiality, Availability and Integrity, may result in a loss of competitive advantage, of image, of customers and of turnover. In addition, the company risks incurring penalties for breaching any legal provisions in force.
Information system protection
The protection of the information system is achieved by implementing a series of countermeasures, such as procedures, technical mechanisms or practices, that reduce the risks to which the whole set of company information is exposed.
To achieve this result it is essential to devise a detailed cybersecurity plan for one's organisation (logical security plan), taking into account the following key points and constantly assessing the related risks:
- Infrastructure Security: the security of the local and wide area network, of the perimeter extended by the virtual private network (VPN) and/or by cloud computing, and of the systems on which the applications are implemented;
- Application and Data Security: the security of applications, such as the authorisation logic, and of data processing;
- Secure Operations: the policies and procedures allowing the members of an organisation to securely manage the company processes.