

Cyber Tips

What is Cybersecurity?

As the term cybersecurity grows in popularity, so does confusion about what it means. People commonly use the phrases information security, operational technology (OT) security, and information technology (IT) security interchangeably with the term cybersecurity. Relaxed usage of this catchy term creates confusion as to its actual meaning. Many people do not understand the full scope of what cybersecurity truly is.

Cybersecurity is the act of protecting all technologies associated with information technology. This includes computer systems that process and store information, computer networks that allow computers to communicate, computers that control industrial processes and building automation, and telecommunication systems.

In fact, cybersecurity includes security elements from all information technology disciplines, with the overall goal of promoting data confidentiality, integrity, and availability.

Information security is a broad topic that touches information stored in both digital and analog formats. Within the realm of digital information technology lies the security of systems that process and store digital data. Even beyond information technology is operational technology, which controls mechanical systems such as air conditioning and the power grid.

Sometimes cybersecurity even extends to lawful offensive security operations against adversaries, i.e., hacking into a system known to be a source of attacks in order to stop those attacks.

CSF Core (PDF)


Best Practices to Protect You, Your Network, and Your Information

The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration and mitigation actions.

During NCCIC’s recent work, following best practices proved extremely effective in protecting networks, the information residing on them, and the equities of information owners. The recently updated National Institute of Standards and Technology Cybersecurity Framework highlights best practices.

Cybersecurity is a risk management issue. Our experience demonstrates that individuals and organizations may reduce risk when they implement cybersecurity best practices. The following are examples of best practices you should consider implementing today as part of your cybersecurity strategy:

  1. Implement Two-Factor Authentication: Two-factor authentication works to significantly reduce or eliminate unauthorized access to your networks and information.

  2. Block Malicious Code: Activate application directory whitelisting to prevent non-approved applications from being installed on your network.

  3. Limit Number of Privileged Users: System administrators have privileged access that gives them the “keys to your kingdom.” Limit system administrator privileges only to those who have a legitimate need as defined by your management directives.

  4. Segment Your Network: Don’t put all your eggs in one basket by having a “flat network”. Use segmentation techniques so that if one part of your network is breached, the integrity of the rest of the network is protected.

  5. Lock Your Backdoors: Third parties that share network trust relationships with you may prove to be an Achilles heel by serving as an attack vector into your network. Take action to ensure that all network trust relationships are well-protected using best practices. Have a means to audit the effectiveness of these defenses. Consider terminating or suspending these relationships until sufficient controls are in place to protect your backdoors.

For more information on cybersecurity best practices, users and administrators are encouraged to review US-CERT Security Tip 13-003: Handling Destructive Malware to evaluate their capabilities encompassing planning, preparation, detection, and response. Another resource is ICS-CERT Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies.


As the cyber threat landscape changes, the steps required to protect your devices and information also change. Steps need to be taken to protect your devices, but growing importance is also being placed on how you alter your cyber behaviors. Both aspects of cyber hardening are critical and go hand-in-hand with each other.

Cyber Safety Tips:

1. Think before you click – images and ads can now contain malware.

2. Protect data that can be used to steal more data about you.

3. Patch your devices and software.

4. Use strong passwords, and try to use different, stronger passwords for financial and health systems.

5. Don’t share devices and accounts.

6. Back up your files – bad cyber actors will try to lock them and make you pay to retrieve them; it's easier and cheaper to recover from a backup.

7. Use secure connections – protect your data while it passes through cyber-land.

8. Install protective software – use desktop firewalls, antivirus, and other services that can help you protect your data.

9. Be aware of emerging threats and attack vectors – know what they want, how they will attempt to steal it, and what they may do with it.

