N is for …

Network

This is an often-used phrase, but what exactly is a network? In its simplest form, it is several computers connected to each other. In a single building, these would typically form a Local Area Network (LAN), or if several offices are connected together these would be called a Wide Area Network (WAN). There are several different network components, such as routers, switches and firewalls. These will be explained in the relevant posts on this site.

Non-repudiation

Non-repudiation means that an event or action can be attributed to a person or process and cannot be denied.

This is a cornerstone of information security, but it doesn’t attract the same attention as, for example, the CIA triad. Without it, it would be impossible to prove without doubt who was responsible for something.

One of the reasons you typically have a unique username and password at work is so that audit logs can show what actions were carried out using your account. If you share your password with others, then it is difficult to prove that you were the only one using your account. This can have negative as well as positive connotations, but we’ll look at them when we talk about passwords.

I is for…

Integrity

Along with confidentiality and availability, integrity makes up what is known as the CIA triad, the three main pillars that Information Security is built on.

Integrity is all about making sure that data has not been changed or tampered with by unauthorised people. For example, if someone was able to access a hospital’s systems and change a medicine dosage from 30mg of a drug to 3g, it could have potentially fatal consequences: that’s a change to the integrity of the data.

Internet

Ok, I know we all use it (at least to visit this website) but what exactly is the internet? It’s a group of computers which are all connected through a variety of technologies. Crucially, the Internet specifically refers to computers which are not on the same local network (your business computers within one office building are probably on the same local network) and are not within the same business.

The internet is the way that unrelated computers are connected to each other: it’s what allows you to browse to this website, to use Google or Bing (or other search engines) to find information that interests you not only in the Surface Web, but also in the Dark Web and the Deep Web.

Internet of Everything

The IoE, Internet of Everything, is exactly what it suggests. It’s used to refer to anything that is connected to the internet, irrespective of whether it’s a traditional computer, smartphone or one of the devices that make up the Internet of Things.

Internet of Things

There are many things other than your PC, laptop or server which are connected to the internet. Commonly referred to as the IoT, the Internet of Things is made up of all the other connected devices, such as your smart TV, your smart energy meter, some toys, perhaps your CCTV so you can check who’s in your house when you’re away, but also industrial control systems like the heating controls for office blocks, pumping stations on pipelines etc.

These are all connected so that people don’t physically have to be present to monitor and operate the controls: they connect to the Internet and make whatever changes are necessary remotely.

Intranet

An intranet is a network used to provide information within an organisation. It most likely includes sections with HR documentation, IT support contacts, social events, marketing information, policies and procedures, health and safety and news about the company, among other things. It’s not intended to be viewed by anyone other than employees, hence it is not available to the wider world.

iOS

This is the Operating System used by Apple mobile devices like iPads and iPhones. It’s the software that allows applications on the devices to “talk” to the device itself. It means that developers don’t have to write code to talk directly to the device, but instead use a common platform with a common set of instructions which talk to the device on their behalf.

Business Continuity

This is a huge topic, one that spills out beyond the confines of cyber- and information security. Put simply, it’s all about making sure that your business can get back up and running and / or keep going in the event of some sort of disruption. 

That may be due to floods or other natural disasters; accidents, e.g. power failure if the electricity supply is damaged by digging in the roads outside; deliberate attack, e.g. theft of key equipment; terrorism etc. The list goes on – whatever it is that stops you getting into your offices / place of work and / or being able to work.

Information security is based on three key tenets, namely the Confidentiality, Integrity and Availability of data. Business continuity is all about ensuring the Availability of data. 

Business continuity includes Disaster Recovery, which is generally seen as getting your IT back up and running. Business continuity also includes things like making sure your staff know where to go if they can’t get to your office, making sure key office space is available when you need it including desks and chairs, making sure that things like Health and Safety requirements at any alternate location are taken into account – and so on…

So what do we need to think about in terms of cyber security? Well, you may not have all staff working at an alternate site, and they may not be using equipment that is familiar to them. You may have had to rebuild networks and servers, but have you also made sure that users only have access to the systems and data they need access to? In your normal place of work, if you restricted access to removable media, are the same controls in place at your new location? What about physical access to your new premises? Is that controlled? If users are accessing systems using remote access solutions, have those solutions been tested to ensure data isn’t able to leak?  

Good practice would be to test your business continuity plans on a regular basis. This may be through some sort of tabletop exercise, i.e. you get all interested / responsible parties together and talk through what would happen, and how, if there was disruption at your normal offices. This is a good thing to do, but if possible you should physically test your plans too. Try getting your staff to go to your alternate site, and see if they can do their jobs from there. That’s a great way of checking your IT and communications are in place and working as expected.

The most important thing to remember if you do test things out is that it’s OK to fail. In fact, expect to fail. It’s better to find out where any issues are at this stage rather than when you need them in anger.