Cyberlink Security
  • home
  • services
  • about us
  • blog
  • get in touch
  • home
  • services
  • about us
  • blog
  • get in touch

Cyberlink Security

Solutions to make your life easier

What do I need to protect with cybersecurity?

cyber 6

In the previous posts we looked at why we need a cybersecurity strategy and what the scope of this strategy should be. Answering this question brings us automatically to the next, which is:

What should we protect?

This can be answered relatively easily by identifying your assets within the scope of your cybersecurity strategy. What has value to you, and your stakeholders, within this scope?

To identify these assets, just follow the steps laid out in most ISMS implementations – there is no real difference between an ISMS or your cybersecurity strategy here. The easiest assets to start with are, obviously, all your tangible assets like computer systems, network equipment, licenses, credentials for accessing your cloud provider and many more.

Things get more interesting when you have to identify your intangible assets. To begin with, you should cast the net as wide as possible and then eliminate any non-essential assets from that haul. You will probably find assets like software, reputation and maybe even search engine rankings and industry scores in this list.

But look a little beyond these obvious ones. Most (smaller) companies I know that provide specialized services often have a SPOK (Single Point of Knowledge). This is the person who knows everything about the software or process that is at the core of their business. The SPOK is often one of the first people to start working for the company and as the company grows, so does their involvement and therefore their ‘SPOKness’. Making sure that knowledge and expertise is shared within the company is both better for the company (‘what if the SPOK falls ill?”), and better for the SPOK as well (‘I really could do with a holiday’).

The second area of interest comes into play when you are part of a supply or value chain. You may be ‘just’ a small step in the whole chain, but your organisation handles valuable assets nonetheless. And although these assets are not technically yours, you still need to protect them while you are handling them. You may need to store them, or add some value to them, but in all cases you must be sure that they are properly protected and their confidentiality, integrity and availability can be guaranteed.

To be able to identify how critical an asset is, you should always ask yourself the ‘what if’ questions: ‘What if the asset is no longer available?’, ‘What if I can no longer rely on the

integrity of my asset?’ and ‘What if my asset has been disclosed without my consent?’. If your business is seriously impacted when answering one or more of these questions, you have probably found a critical asset (tangible or intangible) and you need to take measures to protect it.

This brings us to the conclusion of this post, and makes a nice bridge to the next one. In the next post we will look at what we are protecting our assets from. What are threats, vulnerabilities, impacts and risks?

Until next time, as always, stay safe!

Arthur Donkers 

Related Articles

  • Cork University Hospital Cybersecurity
    Ransomware attack on Cork University Hospital computers
  • hacker for cc
    Will quantum computers break today's encryption?

Recent Posts

  • Ransomware attack on Cork University Hospital computers
  • Will quantum computers break today’s encryption?
  • A look into GDPR and the late Easy Jet Breach
  • What am I protecting my cybers from? (part 2)
  • Are the browser wars over?
  • Why so many bitcoin scams? They are cheap, easy, and efficient to execute.
  • What does it take to build good pentest boxes to test cyber security skills?
  • What am I protecting my cybers from? (part 1)
  • What do I need to protect with cybersecurity?
  • Why are we seeing such high profile failures of cybersecurity?
  • What happens to my cybersecurity if I use cloud services to outsource my IT?
  • Who are my Cyber Stakeholders?
  • Why should my organisation have a cybersecurity strategy?
  • Is ISO27001 a good basis for your Cyber Security Strategy?
  • PECB United Kingdom has signed a partnership agreement with CyberLink
  • Four reasons why traditional information security fails in agile environments
  • Vulnerabilities to exploit a Chinese IP camera
  • Verizon issues their 2020 Mobile Security Index report
  • Why Traditional Information Security Fails
  • Why is Cyber Security Important?
We use cookies to ensure that we give you the best experience on our website. You can choose to accept or decline. OkNo Thank You