What is cybercrime and what are the costs of cybercrime to the global economy. What is the purpose of cybersecurity - protecting the confidentiality, integrity and availability of information. The three directions of cybersecurity: prevention, detection and response. Return on investment for cybersecurity. About Software as a Service, Platform as a Service and Infrastructure as a Service. About ISO 27001 and ISO 27017. Is there a difference between information security and cybersecurity?
Application of ISO/IEC 27001 for cybersecurity. Understand and apply the requirements for a cybersecurity program.
04:04:50 of on-demand video • Updated April 2020
Principles and concepts in cybersecurity
Threats and vulnerabilities
Risks and controls
Best practices for a successful cybersecurity program
How ISO/IEC 27001 requirements apply to cybersecurity
Common attacks, how they work and how they can be prevented
A few general aspects about cybersecurity. As the world is changing due to the internet and technology and risks come along, as I was saying, there are many individuals interested to take advantage of the situation. Cyber crime is a really good business and is growing fast. In fact, it seems to be the fastest growing business on the planet these days. There are estimations that speak of costs of around $100 billion every year associated to cyber crime. There are other estimations that speak of more but the general consensus is that those figures will continue to grow in the near future. Cyber crime costs do not refer exclusively to lost or stolen money. Of course, it's also about lost data, harm to the image and reputation of companies, lost market share, lost profit, disruptions to business operations, cost associated to restoring operations to normal, theft of intellectual property and so on.
I speak here about potential costs for businesses, for organizations, but obviously individuals can be targets for cyber attacks with more or less the same consequences. As internet connection becomes faster and cheaper in every country, the number of users increases and at the same time it is getting easier for cyber attackers. I mean, in the past, a hacker needed to be really good at writing code to develop his tools. A hacker needed to have great software skills but nowadays a cyber attacker can download ready-made programs from the internet, sometimes even for free. So as you see, the effort and the sophistication from the cyber attackers decreases fast. Cryptocurrencies like Bitcoin hide the identity of parties involved in transactions thus facilitating the activity of cyber attackers. Another major issue is that even if the attackers are identified, cross-border legal issues make it extremely difficult to prosecute someone from another country.
So cybersecurity is meant to protect the information that is stored and transmitted using digital devices. Specifically, there are three major properties of information that have to be protected: confidentiality, integrity, and availability. We're gonna detail a little later about those three. But in fact, cybersecurity is in the end about protecting people, people who share and store information. And there are three major directions here: prevention, detection, and response. What is different in cybersecurity compared to any other activity, any other sector, is that things here change really fast. I mean, one year is a lot of time.
Another important aspect that has to be mentioned is that cybersecurity costs money. And it may be difficult without a security incident to convince the senior management of a company to make a significant investment in cybersecurity because here the return on investment is the potential one by estimating potential costs associated with a security incident. Still, experience shows that acting reactively following an incident is far more expensive than being proactive and companies who had to deal once with a major security breach are far less likely to be hit again.
This course is about cybersecurity guidelines for implementing this standard ISO 27001. It's an international standard developed by the International Standards Organization and it sets the requirements for an information security management system. So is there a difference between information security and cybersecurity? Sometimes in many contexts, in many situations they are used as synonyms. But the general understanding is that cybersecurity deals with the protection of data that is stored and transmitted electronically while information security is meant to protect information regardless of its form and support, like paper information.
So as you see, information security is a little more broad as a concept than cybersecurity, but as information seems to be moving to electronic means almost completely, the two concepts seem to overlap.