Cyber Hygiene Security Framework
The Cyber Hygiene Security Framework program is a first co-investment initiative by MSC Cyberport Johor (Malaysia), CREST-International and iTGRC Asia, started in March 2018. The objective is to create a cyber security standard that meets international requirements yet is easily adopted by markets in accordance with domestic conditions such as economies of scale, culture, consumer behavior, business practices, local regulatory requirements, etc.
It aims to increase awareness of cyber risk, internet security and business resilience to cyber exposure (crime and attack, external and internal). Nevertheless, factors such as cost, market competencies, industry trends, and government or regulatory requirements play a significant role in driving its success in the region. Whether for individuals, government and the public sector, SMEs or corporates, the Cyber Hygiene program sets its goals at making cyber security affordable, achievable, market-oriented and segment-targeted, as well as recognized and respectable.
Gain a lot more mileage for your business by staying cyber secure and resilient with the Cyber Hygiene program. Let your customers keep coming back to you.
Come and experience the Cyber Hygiene program with us. Contact us by email at information@itgrc.asia to find out more.
______________________________________________________________________________________________________________________________________________________________
The following captures excerpts from multiple open sources about cyber hygiene (Disclaimer).
"... Cyber hygiene is a fundamental principle relating to information security and, as the analogy with personal hygiene shows, is the equivalent of establishing simple routine measures to minimise the risks from cyber threats. The underlying assumption is that good cyber hygiene practices can drive increased immunity across businesses reducing the risk that one vulnerable organisation will be used to either mount attacks or compromise a supply chain..."

Good cyber hygiene practices stem from a standard approach
Unfortunately, these good practices are rarely fully implemented across business sectors, and this creates a gulf between the “theoretical” guidance from the standards and the “practical” experience of small-medium business owners and managers. This has led to some confusion between standards.
______________________________________________________________________________________________________________________________________________________________

Cyber Security Awareness
Organisations without a dedicated, separate IT function demonstrated very limited understanding of cyber security. In business-to-business settings, where all organisations operate, be they large or small, there is a tendency to implement controls as required by contracts; for business-to-customer organisations, there doesn’t appear to be a clear driver for why security adds value. This has been apparent among small and medium businesses, leading them to abandon the need to secure their valuable assets and protect their business and their relationship with customers.
______________________________________________________________________________________________________________________________________________________________
Conflicting and competing regulatory requirements and policy
Although there is foundational overlap between the various national standards, there are sufficient differences that most small and medium organisations, especially those without dedicated IT resources, find it challenging to map between standards. As a result, this creates challenges for organisations seeking to deliver goods or services across geographical borders as part of a larger supply chain, given that compliance in one country isn’t the same as compliance in another.
______________________________________________________________________________________________________________________________________________________________

Cost elements of cyber security appear expensive and unjustifiable as a priority over others
Profitability and profit margins are the overwhelming concern for every business today. The perception is that following any sort of good security practice will eat up profits instead of giving the business a cutting edge to win in the market.
Cost is likely to be the ultimate deciding factor for any organisation considering adopting a cyber hygiene program. While the lifetime cost of any program might be significantly less than the cost of a breach, which is far more than the cost of implementation and maintenance, this is still unlikely to sway small businesses concerned about immediate cashflow.
______________________________________________________________________________________________________________________________________________________________
Cyber Hygiene Security Framework (CHSF)
The CHSF primary scheme places emphasis on reducing the complexity of adoption. It presents the fundamental risk assurance needed to do business within the domestic market or across borders. CHSF primary rides on the two key pillars of the NIST framework and places emphasis on "Identify and Protect". It focuses on business needs and priorities and on the key assets of an organization, such as users, devices and data storage. The protection pillar covers the basic secure configuration of devices and of the firewall or gateway, and further enforces data security through data access control and account/password management.
The Cyber Hygiene Security Framework for ASEAN is powered by CREST-International, MSC Cyberport Malaysia and iTGRC Asia.
______________________________________________________________________________________________________________________________________________________________
Extracts are from open sources such as NIST/ENISA and several others. All copyrights reserved. Please refer to their respective sites for their terms, legal and privacy statements. Where in doubt, or for any query, please contact us by email: information@itgrc.asia