Cyberthreat is a product that exploits and does harm. It is continuously developed, integrated, and delivered by cyber threat agents.
The threat agent’s means of achieving purpose are what are commonly considered unethical, illegal, and harmful to the life and privacy of a person inside the cyber of digital technology-enabled services of engaging customer, citizen, or consumer.
Cybersecurity is a product that controls and makes safety. It is continuously planned, designed, build, tested, deployed, and operated by cyber security workforce
The work motivation is founded on ethical principles and legitimate interests that uphold the quality of life with information confidentiality, process integrity, system availability, data privacy, consumer safety, and infrastructure resiliency.
Cyber threat agent always starts with “anonymous” finding out the security gaps in the victim’s comfort zone and asset configuration. It simply uses readily available tools to make visible the compliance of the asset environment to the known security principles and controls.
The analyzed gaps or non-mitigated security risks are exploited to realize spoofing, blocking, tampering, repudiation, information disclosure, denial of service, and escalation of privilege in order to achieve the illegitimate purpose.
The cyber security workforce is upskilled to deliver just in time the objectives of the following responsibilities in making safe the critical information assets of value creation and consumer relationships.
1 Protect, Shield, Defend, and Prevent
2. Monitor, Detect, and Hunt
3. Respond, Recover, and Sustain
4. Govern, Manage, Comply, Educate, and Manage Risk
The organization, in government and business, that claims cybersecurity competence is simple and definitive in its “user story” of its risks, goals, function, job roles, enablers, and investment.
1. It illustrates the integrated administrative, technical, physical, and people elements in the organization that agrees to achieve the statutory goals, and to deliver the regulatory objectives of cybersecurity and data privacy.
2. It outlines the function of cybersecurity and the job roles associated with each of the integrated accountability and responsibility.
3. It creates the matrix of structured knowledge to support the competence requirement of implementing the mandated principles, functions, processes, technologies, and standards of cybersecurity.
4. It constructs the cybersecurity operation environment that makes competence competent to assure Trust that digital technology-enabled services are by design and by default behave information confidentiality, process integrity, system availability, data safety, consumer safety, and infrastructure resiliency.
5. It authorizes the procurement plan that demonstrates the acquisition requirements to achieve the mitigation objectives for the evaluated cyber threat and data privacy breach incident.
6. It measures the utility and reliability of opted brands and interest groups on cybersecurity products to support the evaluated security level requirement of making safe the cyber of doing business and consumer relationships.
Cybersecurity is simply the visibility of assets and threats; the applicability of controls and standards, and the commitment of governance and management.
The core function of cybersecurity is identification, protection, detection, response, and recovery. The capability and capacity are regularly tested in the cyber drill of attracting and protecting – the red team of cyber kill and the blue team of cyber security.
Cybersecurity is demonstrated ability to make visible the protected asset and to provide the safety conditions for the asset to create value for its stakeholders.
It is acquired, installed, integrated, operated, and improved products and services surrounding information confidentiality, process integrity, system availability, data privacy, consumer safety, and infrastructure resiliency.
Effectiveness and efficiency in cybersecurity operations are supported by doctrine, organization, training, material, leadership, personnel, and finance.
The knowledge support in achieving a common goal and integrated activities of cybersecurity is simply categorized by the following:
1. Cybersecurity Governance and Management Capability
2. Cybersecurity Threats, Controls, and Technologies
3. Cybersecurity Security Operation and Incident Management
The knowledge content is verified and validated with international community-driven standards, professional organization body of knowledge, statutory and regulatory guidance, and current threat intelligence of the value stream and supply chain.
KNOWLEDGE POST
jmlogic: Knowledge & Technology 