Industrial Training and Assessment Center > Resources > Cybersecurity >

Online Safety and Cybersecurity Fundamentals

Online Safety and Cybersecurity Fundamentals

Most plant operations managers are not cybersecurity experts, but can benefit from a basic understanding of cybersecurity risks and mitigation activities. A guidance document provided by NIST, NIST Small Business Information Security: The Fundamentals, provides a thorough and easily readable overview of cybersecurity basics.

As a first step, organizations need to understand their cybersecurity risks, to determine where the organization is vulnerable and may be subject to disruption of systems and processes. Organizations can use helpful checklists from the NIST document, or other cybersecurity assessment tools, to conduct the following activities:

  • Identify what information your business stores and uses.
  • Determine the value of your information.
  • Develop an inventory of technologies used to store and process information.
  • Understand your threats and vulnerabilities.

Once risks are understood, organizations can determine appropriate mitigation activities. Example activities are shown below, grouped into the five broad categories of the NIST Cybersecurity Framework:

IDENTIFY

  • Identify and control who has access to your business information
  • Conduct background checks
  • Require individual user accounts for each employee
  • Create policies and procedures for information security.

PROTECT

  • Limit employee access to data and information
  • Install surge protectors and uninterruptible power supplies (UPS)
  • Patch your operating systems and applications
  • Install and activate software and hardware firewalls on all your business networks
  • Secure your wireless access point and networks
  • Set up web and email filters
  • Use encryption for sensitive business information
  • Dispose of old computers and media safely
  • Train your employees.

DETECT

Install and update anti-virus, -spyware, and other –malware programsMaintain and monitor logs.

RESPOND

Develop a plan for disasters and information security incidents.

RECOVER

  • Make full backups of important business data/information
  • Make incremental backups of important business data/information
  • Consider cyber insurance
  • Make improvements to processes/procedures/technologies.

 


Resources