1. Contents
What is Cyber Security
Cyber Security Principles
Cyber Security policies
Conclusion
2. Cyber security is the protection of internet-connected
systems such as hardware, software and data from cyber
threats.
Cyber security is the application of technologies,
processes, and controls to protect systems, networks,
programs, devices and data from cyber attacks.
Cyber security is the practice of protecting critical
systems and sensitive information from digital attacks.
What is Cyber Security
8/16/2022
3. It aims to reduce the risk of cyber attacks and protect
against the unauthorized exploitation of systems,
networks, and technologies.
These cyber attacks are usually aimed at accessing,
changing, or destroying sensitive information, extorting
money from users, or interrupting normal business
processes.
Conn…
5. Cyber security principles denote the basic rules that should be used
when designing a secure system.
Compliance:- Compliance is necessary but not enough.
Risk based security:- Security should be applied consistently with the level
of accepted business risk.
Simplicity:- The security implemented should be simple and not complicated.
Reusability and flexibility:-Design solutions with flexibility and future
reusability in mind.
Principles of Cyber Security
6. Don’t assume trust without evidence:- The basic principle in
security.
Secure overall design:- Security should not be treated in silos.
Defense in depth:- Defense in depth comes with a layered approach.
Least privilege:- Access should be granted with a least privilege objective. No
more, no less.
7. Separation/segregation of duties:- No single actor can
undermine security of the system.
Failsafe:- In the event of unexpected failure, the system must
remain secure.
Attack surface reduction:- Limit the functionality exposed to
malicious users.
8. Cyber security policy
Introduction
Cyber security policy: The written document that contains the
behavioral or tactical guidelines for all employees, ensuring
maximum protection from cyber attacks.
9. Some of the common cyber security policies are
Virus and Spyware Protection policy: This policy ensures the
detection and removal of viruses by reducing security risk.
Application and Device Control: This policy is for the protection
of the system’s resources from different parts of the system.
Host Integrity policy: This policy allows companies to make
changes to a client’s computer for security reasons.
Cyber Security Policies
10. Access Control Policy: This policy outlines what is accessible
to the company’s employees in terms of data and information.
Change Management Policy: Defines the formal process that
companies need to go through for making IT and security changes.
Information Security Policy: To ensure all end users and
networks within an organization meet minimum IT security and data
protection security requirements.
Incident Response Policy: A policy to manage an incident and
remediate its impact on the company.
11. Remote Access Policy: Defines the method to remotely connect to an
organization’s internal networks.
Acceptable Use Of Information Systems Policy: Defines suitable use
of computer devices at the company.
Account Management: This policy establishes a process for creating and
administering accounts that have access to the information.
12. E-Commerce Policy: This policy is needed for companies which have an
active e-commerce presence.
E-Mail Policy: Focuses on the means of communication in the formal sector
and regulates the rules for handling emails inside an organization.
Firewall Policy: The firewall is present in every company’s network and
this policy monitors its traffic.
13. Log Management Policy: This is a data entry system where the
companies maintain a record of security performance.
Network Security And VPN Acceptable Use Policy: This policy
defines the process of connecting a company’s network to any host.
Password Policy: This policy directs users to create strong passwords
and change them frequently to avoid security breaches.
15. Patch Management Policy: This policy enables companies to use
software patches to overcome different vulnerabilities.
Server Security Policy: This policy defines internal server base
configuration standards and restrictions and is applicable to servers
owned by the company as well as those outsourced by them.
Social Media Acceptable Use Policy: The use of social media in
business has grown rapidly in the last few years, and this policy takes care of
these things to maintain security inside the organization.
16. Systems Monitoring And Auditing Policy: This policy is for
monitoring and auditing systems to identify any sort of
inappropriate actions.
Vulnerability Assessment: In this policy information remains
secure at all levels.
Website Operation Policy: This policy is for communication and
updates of the website and ensures information protection.
Server Virtualization: It defines the server virtualization
requirements and how to manage them.
17. Wireless Connectivity Policy: The companies are very particular
about the Wi-Fi networks.
Telecommuting Policy: This policy is for the telecommunication
industry and its employees.