InformationTechnology Security and Your Business:
The author will be writing a monthly article throughout 2019 on Cybersecurity across various market segments. Be sure to watch for it to see how your business may benefit from this important information. Good reading and see you next month.
Information security (IT security), also known as computer security or cybersecurity, is the protection of computer systems from theft or damage to the hardware, software, or electronic data. Computer security breaches are increasing in government and across all market sectors, making it one of the biggest challenges of conducting business in present times. The motivation for security breaches can vary between attackers. Thrill-seekers and vandals are usually motivated by individual reasons, while activists and criminals are vying for political and/or financial gain.
Having a plan in place can greatly reduce the chance that an unidentified intrusion will turn into a major system failure or data breach. Presently, the combination of end user security training and incident response planning is the best way to lessen the likelihood and impact of a system attack. Because technology security is usually approached from a technical perspective, the human error factor can be overlooked. End users have been identified as the weakest link in the security chain and account for the majority of security incidents and breaches. Applying a ‘best practices’ approach through incident response planning is essential to managing and mitigating the occurrence of a computer security event.
In 2013, executive order 13636: Improving Critical Infrastructure Cybersecurity was signed, which prompted the creation of the NIST Cybersecurity Framework. NIST SP 800-171 applies to all non-governmental entities doing business with the Department of Defense (DoD), regardless of their role in the supply chain. Across the nation, businesses within the supply-chain are beginning to realize that compliance with this regulation is not an option. Changing the culture and procedures in any business can be a daunting task, but in these challenging times, cybersecurity is the new reality of doing business.
A. Elisabeth Tolsdorf is author of this article and the Director of NIST SP 800-171 Compliance for Hawk Technologies, a woman-owned firm located in Houghton, Michigan. Hawk is the Upper Midwest’s primary source for NIST SP 800-171 Compliance services. Additional information about NIST SP 800-171 and Hawk’s CAD services capabilities can be found at www.hawktechinc.com.