Cyber Security is a set of techniques and methodologies designed to protect the information systems.
The security of the information system is an essential requirement to ensure the reliability and efficiency of both the internal and the external services provided by the enterprise; its primary operational objective is protecting the data and the IT elements that manage them.
Protection of the data and of the associated elements can only be guaranteed by preserving their:
- confidentiality: it ensures that data can only be accessed by the people who are authorised to access them.
- integrity: it protects the comprehensiveness of the data and of the transfer methods.
- availability: it ensures that authorised users can access the data and the elements processing them when necessary.
Failure to ensure an appropriate level of data security, in terms of Confidentiality, Availability and Integrity, may result in a loss of competitive advantage, of image, of customers, of turnover. In addition, the company risks incurring penalties associated with the breach of any law provisions in force.
Information system protection
The protection of the information
system is achieved by implementing a series of countermeasures,
like procedures, technical mechanisms or practices that reduce
the risks the whole set of company information is exposed to.
To achieve this purpose, a precise planning of the IT security of your organization (logical security plan) is essential that takes into consideration, constantly evaluating the risks, the following key points:
- Infrastructure Security : the security of the local and wide area network, of the perimeter extended by the virtual private network (VPN) and/or by cloud computing and of the systems on which the applications are implemented.
- Application e Data Security: application security as a logic of authorizations and data processing.
- Secure Operations: the policies and procedures allowing the members of an organisation to securely manage the company processes.