CYBER SECURITY = People, processes and technology
People, processes and technology are important components of Cyber security. Through recognition, identification and implementation, these controls will improve the organisation’s ability to mitigate information security risks. Each component consists of a number of attributes as detailed below:
- People: Culture and attributes, skills and training, organisation, roles and responsibilities
- Processes: Ensure applications, architecture and infrastructure components are correctly identified, recorded and documented. These components need to be installed and configured correctly, updated, monitored and recorded. The necessary security controls and mechanisms also need to be implemented
- Technology: Ensure the necessary procedures, standards and regulatory requirements are correctly defined, documented, published, implemented, monitored and recorded. An ongoing improvement process should also be implemented. This will provide a mechanism to allow the organisation to develop and improve further.