What is Cybersecurity?

Sam.F

Involved In Discussions
Thank you everybody : ). So is online software safe to use? We have a couple. Like Q-pulse for AS9102's. DBA software (ERP). Microfile for uploading material certs. Some use online hosting, some are Microsoft windows based. Is each software need to be certified to ISO IEC 27001 or something else? So we can use them. Sorry for so many questions.
 

Funboi

On Holiday
Thank you everybody : ). So is online software safe to use? We have a couple. Like Q-pulse for AS9102's. DBA software (ERP). Microfile for uploading material certs. Some use online hosting, some are Microsoft windows based. Is each software need to be certified to ISO IEC 27001 or something else? So we can use them. Sorry for so many questions.
It's not about software (much); it's about a number of controls on your computer systems and the vulnerabilities to security breaches. They (vulnerabilities, that is) can range from unhappy employees deleting files off the network to full-on ransomware because the organization hasn't got a clue about how to reduce the risk of such an attack. Information security involves many aspects, including inventorying your computer assets (hardware and software), knowing their vulnerabilities (Windows 97 or XP, for example, are insecure), making certain your firewall and utilities are running all available security upgrades, that your personnel understand how to recognize cyber threats like phishing attacks etc. and how to respond, that your systems can quarantine associated threats, backups and more!
 

Bev D

Heretical Statistician
Leader
Super Moderator
Cari is giving you good advice - someone in your IT group should have enough knowledge about the security measures for the types of software you are discussing. Of course you may be from a small company that hasn’t hired an IT person who is knowledgeable about cyber security in which case Funboi’s resources are a good start.

Does your organization not have a cyber security expert? Are you being asked to do this in addition to your QA duties? Or are you just not aware or comfortable with what your IT group is doing? This matters as to what advice we can - or should - give you…

Cyber Security is a complex and continually evolving specialty within IT technologies. It is as specialized as tax law, electrical engineering or quality engineering, for example. It is very difficult to become expert enough in these subjects or cybersecurity from asking a few questions on a forum such as this or from reading a few web sites, no matter how reputable they are… or, as a colleague of mine used to ask: would you perform heart surgery on yourself after watching a couple of YouTube videos about how to do it?

My last organization used a lot of cloud based software and had a lot of internet based communication with very sensitive data. We had a swarm of cyber security experts who were continually working to keep us secure…
 

Cari Spears

Super Moderator
Leader
Super Moderator
Who said rely on that alone?

Anyway, if a company in the US is doing defense work, compliance to NIST 800-171 is required per DFARS 252.204-7012, and some customers may flow down additional requirements. In my company, our IT manager is the expert and responsible for ensuring compliance. In a smaller company I worked for in the past, we contracted an outside expert.
 