Introduction This article provides an introduction to five major information security policy frameworks that are commonly used by organizations to guide their cybersecurity strategies. These frameworks, developed by professional associations and standard organizations, help organizations create robust security policies and optimize the management of cybersecurity risks. 1. COBIT (Control Objectives for Information and Related Technologies): • Developed by: Continue reading “Security Policy Frameworks: Organizational Security Policies”
Category Archives: 2. Technology & Science
Cybersecurity Insurance: Organizational Security Policies
Introduction This article explores cybersecurity insurance and its role in managing cyber risks. The discussion covers how insurance can incentivize companies to improve their cybersecurity, the evolution of cyber insurance, and challenges facing the market. Key Topics: 1. Cybersecurity Insurance as Risk Management: • Insurance is a form of risk management that organizations can use to buffer against cyber risks.
Cybersecurity risk analysis: Cybersecurity in the Organization
Introduction This article focuses on cybersecurity risk analysis, explaining how organizations can assess and mitigate risks. It begins by discussing the probabilistic nature of risk, emphasizing that no system is completely secure. Risk is a function of two components: impact (the damage caused by an event) and likelihood (the probability of the event occurring). Key Concepts: 1. Risk Grid: • The lesson
Case Studies: Cybersecurity in the Organisation
1. Introduction The article focuses on cybersecurity at the organizational level by analyzing two significant cyber attacks: the Equifax breach and the SolarWinds attack. 1. Equifax Breach (2017): • A vulnerability in Apache Struts 2 allowed remote attackers to execute arbitrary code on the servers, which compromised the data of 145 million individuals, including Social