CYBER 2019, The Fourth International Conference on Cyber-Technologies and Cyber-Systems


How Much Cyber Security is Enough?

Authors:
Anne Coull

Keywords: cyber security; risk management; penetration testing; threat; vulnerability; control; NIST; ASD; APRA; ISO27001; ISO27002; defence in depth

Abstract:
Cyber security is a risk: the risk that the company’s information assets will be compromised in a way that affects their data’s integrity, availability, and/or confidentiality. Like any other enterprise risk, cyber risk needs to be managed in a way that balances the cost of risk realisation against the cost of mitigating that risk. Defence in depth is a seemingly simple and logical approach to protecting systems and data, but is defence alone enough, and how much is needed? Local and global standards and guidelines direct companies in where to focus their mitigative efforts, but for the initiated, these can be confusing. Cyber security is an expensive exercise, with much at stake. By taking a practical approach that combines people, policies, processes as well as technology, organisations can manage the cyber security risk to protect their critical and sensitive information assets, and comply with government regulations, within a reasonable budget.

Pages: 19 to 25

Copyright: Copyright (c) IARIA, 2019

Publication date: September 22, 2019

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-743-6

Location: Porto, Portugal

Dates: from September 22, 2019 to September 26, 2019