This information has been shared freely by Mark E.S. Bernard. If you find it useful please acknowledge this contribution.
If you would like additional information or assistance with the customization and implementation of a balanced risk
management process for your security program then please contact Mark @ 604-349-6557 or firstname.lastname@example.org
7 Critical Cyber Security Management System requirements
• Advanced threat identification
• Risk Management based decisions
• Rapid incident response
• Effective Governance
Before you can address CyberCrime risks you need to understand what CyberSecurity is. CyberCrime,
as defined by Canadian law, is as follows:
(1) Crimes in which the computer is the target of the criminal activity;
(2) Crimes in which the computer is a tool used to commit the crime, and;
(3) Crimes in which the use of the computer is an incidental aspect of the commission of the crime.
Tips that will prevent Cyber Criminals from making you a victim!
• Keep Your Secrets Secret - How safe you and your organization remain will depend on you and
other employees taking care on the Internet. Take a look at your online profile. How much
information about you is out there? Is there enough information to piece together for a social
engineering attack? For example: your name, your email address, your employer, your job title,
the names of friends, your associates, your parents, your children's names.
• Passwords That Work - Good security practices create a strong password:
    • Use at least eight characters; more is better.
    • Use characters from at least three of the following groups:
        • English upper case letters
        • English lower case letters
        • Westernized Arabic numerals (0,1,2,...)
        • Non-alphanumeric (special) characters such as punctuation symbols
    • Don't use any part of the account identifier (logon ID, Operator ID, etc.).
    • Don't use a proper name or any word in the dictionary without altering it in some way.
    • Don't use obvious phrases or sequences such as "GOBUFFS" or "12345".
    • Don't reuse a password you have used before; construct a new password each time you
• Patches, Updates, and Security Software - When you get notices from your software vendors
to update your software, you should apply the updates. Most operating system and browser updates
include security patches. Systems and devices belonging to your organization will be
maintained automatically or manually behind the scenes by your awesome support group in
• Be Smart - If a "friend" emails and asks for a password or other information, call or email (in a
separate email) that friend to verify that they really were the one who contacted you. The same goes
for banks and businesses. Remember that legitimate businesses won't email you asking for
passwords or account numbers.
• Effective vulnerability management
• Technology independent platforms and software
• Independently verifiable & audited risk mitigating controls
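
The password rules listed under "Passwords That Work" can be enforced mechanically when a password is set. The following Python checker is an added example, not part of the original handout; the function names, the sample word list, the three-character threshold for "part of the account identifier", and treating a word with digits or symbols only at its ends as unaltered are assumptions.

```python
import hashlib
import hmac
import string

# Constructed sample lists (assumption); a deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "vancouver"}
OBVIOUS = ("gobuffs", "12345", "abcde", "qwerty")

def char_groups(pw):
    """Count how many of the four character groups the password uses."""
    return sum([
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.digits for c in pw),
        any(not c.isalnum() for c in pw),
    ])

def fingerprint(pw, salt):
    """Salted, slow hash so the password history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, 100_000)

def check_password(pw, account_id, history=(), salt=b""):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    low, acct = pw.lower(), account_id.lower()
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if char_groups(pw) < 3:
        problems.append("fewer than three character groups")
    # Assumption: any 3-character fragment of the ID counts as "part of" it.
    if any(acct[i:i + 3] in low for i in range(len(acct) - 2)):
        problems.append("contains part of the account identifier")
    # Assumption: digits or symbols only at the ends do not count as altering a word.
    if low.strip(string.digits + string.punctuation) in SAMPLE_WORDS:
        problems.append("unaltered dictionary word or name")
    if any(seq in low for seq in OBVIOUS):
        problems.append("obvious phrase or sequence")
    # Compare against stored fingerprints of earlier passwords (per-user salt).
    new_fp = fingerprint(pw, salt) if history else b""
    if any(hmac.compare_digest(new_fp, old) for old in history):
        problems.append("reuses a previous password")
    return problems
```

Returning every violated rule at once lets the change-password form tell the user everything to fix in a single pass.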