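“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” she said. “Small businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals.”
Toth is lead author of NIST's Small Business Information Security: The Fundamentals. The guide is written for small-business owners with no cybersecurity experience and explains basic steps they can take to better protect their information systems.
“Many small businesses think that cybersecurity is too expensive or difficult; Small Business Information Security is designed for them.” “In fact, they may have more to lose as an organization, because cybersecurity events can be costly and threaten their survival.” In fact, the National Cyber Security Alliance found that 60 percent of small companies close within six months of a cyberattack.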
The new NIST publication walks users through a simple risk assessment to understand their vulnerabilities. Worksheets help them to identify the information they store and use, determine its value, and evaluate the risk to the business and customers if its confidentiality, integrity or availability were compromised.
The guide is based on NIST's Framework for Improving Critical Infrastructure Cybersecurity, which was issued in 2014 as part of efforts to protect the nation’s critical infrastructure. The framework’s processes and tools provide key standards and best practices developed over decades by the federal government and industry. Its simple language allows organizations to better communicate, and its overall design helps them identify, assess and manage cybersecurity risks.
For example, the new guide describes how to:
- limit employee access to data and information;
- train employees about information security;
- create policy and procedures for information security;
- encrypt data;
- install web and email filters; and
- patch, or update, operating systems and applications.
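Other recommendations may require new equipment, and the guide can help businesses perform a cost/benefit analysis. “We recommend backing up data through a cloud service provider or a removable hard drive and keeping the backup away from the office, so if there is a fire, your data will be safe,” Toth said. Backups can also be used to restore data if a computer breaks down or malware infects the system.
The guide also recommends: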
- installing surge protectors and uninterruptible power supplies to allow employees to continue to work through power outages and to save data;
- considering the purchase of cybersecurity insurance; and
- ways to find reputable cybersecurity contractors.
