Digital Threats and Information Security

Information security infractions and digital threats are more dominant than ever before. The “Target” Department Store in the US has suffered a massive Information security infraction in Dec 2013.  Hackers have stolen about forty million credit-card details. This is the latest high profile public commotion. However, organizations of all sizes suffer infractions on a daily basis. It is estimated that about 97 % of Fortune 500 companies have been hacked and probably the other 3% have too, they just do not know it. According to a survey on Information Security, the number of organizations reporting losses of more than $10 million per incident is up 75% from just two years ago. Increasing digital threats mean an information breach or cyber-attack is inevitable, regardless of the size of your business. A few years ago, hackers were attacking information systems mainly to prove their skills and abilities but now they are more organized and they are after your company’s assets.  The question is how to protect your company assets and reputation from such Digital Threats?

The only way to ensure your readiness for a digital threat is to build digital resilience into your information system. By combining the commonly accepted standards for cyber-security, ISO 19790, ISO 27001, ISO/IEC 24759 and business continuity, ISO 22301, organizations are able to follow a comprehensive approach to being resilient to digital attacks. These standards include recommendations for firewalls and encryption algorithms utilized. Would-be hackers are quite familiar with standard firewall procedures. They exchange and update their information almost daily through different communication channels. Some of your security personnel may have become complacent while the challenges are enormous. The same thing can be said regarding “standard encryption algorithms” where their keyspace has been dramatically reduced. The technologies developed in the nineties may prove to be inadequate for the type of computers available now in the marketplace. Therefore, Digital Resilience Preparedness Gear, we will call it DRPG, is essential for your organization information security. These standards will help your organization to implement an information security measures to operate in cyberspace while extenuating digital threats and risks.

In addition, state-of-the-art type-1 encryption algorithms such as Polymorphic and Metamorphic Ciphers surely guarantee better defense against nowadays’ digital threats. In Polymorphic and Metamorphic Ciphers, one can imagine the algorithm as a pseudo random sequence of operations that are totally key-dependent. Accordingly, most known attacks will be extremely difficult to launch since the attackers have no statistical clues. The algorithms utilize randomly selected low-level operations. Even the cipher designer has no clear idea what would be the employed sequence of these bitwise operations. The result of such an approach will be the creation of an immense number of wrong messages that conceal the only correct one. In these unexampled ciphers, designers have taken extraordinary care to thwart related key attacks and all known other cipher attacks. Designers have developed the ciphers and their associated one-way hash functions to be suitable for hardware implementation. This hardware implementation lends itself to voice and video real-time encryption applications. Thus ensuring that your digital communications are safe and secure. All of these measures will surely help your organization secure its information and prevent any data leakage.

A Sample of ISO IEC 27002

Information Security Standard

ISO IEC 27002 is a comprehensive information security standard.

It takes a very broad approach. In the context of this standard, 

the term information includes all forms of data, documents, 

communications, conversations, messages, recordings, and photographs. 

It includes all forms of information.

Security Policy Management

Provide management direction and support

Develop your information security policies

Review your information security policies

Corporate Security Management

Establish an internal information security organization

Allocate information security roles and responsibilities

Segregate conflicting duties and responsibilities

Personnel Security Management

Emphasize security prior to employment

Verify the backgrounds of all new personnel

Use contracts to protect your information

Emphasize security during employment

Expect your managers to emphasize security

Deliver information security awareness programs

Set up a disciplinary process for security breaches

Emphasize security at termination of employment

Emphasize post-employment security requirements

Organizational Asset Management

Establish responsibility for corporate assets                                                  

Compile an inventory of assets associated with information

Select owners for all assets associated with your information

Prepare acceptable use rules for assets associated with information

Return all assets associated with information upon termination

Develop an information classification scheme

Classify your organization’s information

Establish information labeling procedures

Develop asset handling procedures

Control how physical media are handled

Manage removable media

Manage the disposal of media