EDUCATE.
TRANSFORM.
PROTECT.

Delivering expert cyber security solutions to small and medium-sized businesses

Learn More

The 12 Days of Christmas with GoldSky Security: Part 1

This December, GoldSky Security is excited to release our “12 Days of the Holidays” festive jingle and 3-part blog series! This series will highlight key cybersecurity terms and explain how to protect your data during the holiday season and throughout the year. From tips on preventing holiday-related crimes to keeping your business safe while you travel, we’ve got you covered. Be sure to check back each week for a new blog post. Now let’s begin… 

“On the 1st day of the Christmas, my CISO gave to me: a risk assessment led with expertise!” 

 Before diving into what a risk assessment is, let’s take a few steps back and learn about CISOs. A CISO, or chief information security officer, is responsible for developing and implementing an organization’s security strategy. CISOs are cybersecurity experts often found in larger enterprise businesses with larger budgets, but smaller businesses may not have one on staff due to the high cost of bringing one on full-time. CISOs typically have a background in computer science or engineering and are responsible for protecting an organization’s data from external and internal threats. Now that we’ve covered CISO’s, let’s take a look at security risk assessments. 

It’s no secret the world is in the middle of a Digital Industrial Revolution hatand  data breaches are becoming more and more common. In fact, a report from Norton by Symantec found that global cybercrime costs are expected to reach $2.1 trillion by 2019. With numbers like that, it’s no wonder that businesses are starting to invest more in cyber security. But what many businesses don’t realize is that before you can invest in the right security measures, you need to first assess your risks. A security risk assessment is a crucial first step in protecting your business from a cyberattack. By taking the time to identify and assess your risks, you can develop a more targeted and effective security plan. Now, onto day 2… 

“On the 2nd day of the Christmas, my CISO gave to me: 2 new controls…” 

Security controls are the safeguards or countermeasures used to protect electronic information and systems from unauthorized access. They are a critical component of an information security management system (ISMS), which is a framework that helps organizations manage their security risks. There are many different types of security controls, but they can generally be grouped into three categories: 

  1. Preventive Controls: These controls help prevent security incidents from happening in the first place. Examples include access control measures like user authentication and role-based access control.
  2. Detective controls:These controls help detect security incidents that have already occurred. Examples include intrusion detection systems and auditing.
  3. Corrective controls: These controls help mitigate the impact of security incidents that have already occurred. Examples include incident response plans and backups. 

Security controls are important because they help protect organizations from the damage that can be caused by security incidents. They can also help organizations comply with laws and regulations, such as the EU General Data Protection Regulation (GDPR). When choosing security controls for an ISMS, organizations should consider the nature of their business and their specific security risks. 

“On the 3rd day of the Christmas, my CISO gave to me: 3 pen tests…” 

Organizations are under constant attack by cyber criminals who are looking to exploit vulnerabilities in order to gain access to sensitive data. A penetration test, also known as a “pentest”, is a simulated cyber attack that is conducted in order to identify security weaknesses in an organization’s information security management system (ISMS). There are many different types of penetration tests, but they all have one common goal: to find security vulnerabilities in a system. By trying to exploit these vulnerabilities, penetration testers can gain access to sensitive data or systems that could be used to launch attacks. 

Penetration tests can be divided into two main categories: black box and white box. Black box tests are conducted without any prior knowledge of the system, while white box tests are conducted with full knowledge of the system. Both types of tests have their advantages and disadvantages. Black box tests are more realistic because they simulate the way an attacker would approach a system. White box tests are more comprehensive because they allow testers to focus on specific areas of the system. The most important thing is to choose the right type of test for your needs. If you’re not sure, you can always consult with a security expert. 

Pen testing can help organizations to identify and fix security vulnerabilities before they are exploited by real attackers. In addition, pen testing can also help organizations to assess the effectiveness of their security controls and to identify areas where improvement is needed. Organizations that conduct regular pen testing can benefit from improved security and privacy, as well as from increased peace of mind knowing that their ISMS is up to the challenge of protecting their data from hackers. 

On the 4th day of the Christmas, my CISO gave to me: 4 locked doors… 

Locks on doors are an example of physical controls. There are many benefits to having physical security controls in place. They can help to deter crime and can provide the first line of defense in the event of an incident. Physical security controls can also help to protect your business assets and your employees. 

When choosing physical security controls for your business, it is important to consider your specific needs and risks. There is no one-size-fits-all solution, and the best security measures for your business will depend on a number of factors. Implementing physical security controls can seem like a daunting task, but it is important to remember that even small steps can make a big difference. By taking the time to assess your risks and needs, you can develop a security plan that will help to keep your business safe. 

As a business owner, you are responsible for the safety and security of your employees, customers, and premises. Physical security can deter/detect potential threats, and help to protect your business in the event of an incident. 

Here are some other examples of physical controls: 

  • Fencing around the perimeter of the building 
  • Gates with security guards 
  • ID badges for employees 
  • Video cameras 
  • Alarm systems 

These are just a few examples of the hundreds of different physical controls that can be put in place to help protect a business’s data. It’s important to have a layered approach to security, and physical controls are an important part of that. 

Check back in next week for Part 2… 

In Part 1, of this 3-Part series, we covered the importance of security risk assessments, why security controls are crucial to your ISMS, the different types of pen tests, their benefits, and a few different examples of common physical security controls. Later on this week we’ll be covering 4 additional cybersecurity solutions that GoldSky can help you put into place to protect your sensitive data. Be sure to check back in next week and the week after, to educate yourself further and become safer in cyberspace. If you would like to learn more today or would like to share any feedback, feel free to contact us anytime to set up a meeting with one of our cybersecurity experts. Happy Holidays everyone! See you next week… 



CONTACT US FOR A FREE CONSULTATIONGetting started in security can be challenging. Let us help ease the burden of security and compliance with our small-mid sized business services and solutions.