Ensure vulnerability management

  • A cyber-attack is a deliberate attempt by external or internal threats or attackers to exploit and compromise the confidentiality, integrity and availability of information systems of a target organization or individual(s). Cyber-attackers use illegal methods, tools and approaches to cause damages and disruptions or gain unauthorized access to computers, devices, networks, applications and databases.
    Cyber-attacks come in a wide variety and the following list highlights some of important ones that criminals and attackers use to exploit software:

    Malware
    Ransomware
    Injection attacks (e.g., cross-site scripting, SQL injection, command injection)
    Session management and Man-in-the-Middle attacks
    Phishing
    Denial of service
    Privilege escalations
    Unpatched/Vulnerable software
    Remote code execution
    Brute force
    The National Cyber Security Alliance, through SafeOnline.org, recommends a top-down approach to cyber security in which corporate management leads the charge in prioritizing cyber security management across all business practices. NCSA advises that companies must be prepared to “respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company’s reputation are protected.” NCSA’s guidelines for conducting cyber risk assessments focus on three key areas: identifying your organization’s “crown jewels,” or your most valuable information requiring protection; identifying the threats and risks facing that information; and outlining the damage your organization would incur should that data be lost or wrongfully exposed.

    MOre info: network automation