Alexandru-Ionut NITU

Academy of Economic Studies, Bucharest, Romania

Abstract

Cybersecurity is one of the most important subjects in the world of informatics these days. Attacks are more and more evolved and dangerous. It is the responsibility of organizations to protect themselves, understanding the threats, implementing security policies, training employees, and investing in application security. Data protection is important both from legislative point of view, and considering the huge risks caused by cyber-attacks. The severity of vulnerabilities is evaluated by the National Institute of Standards and Technology of United States. Considering the severity, a base point is set for future actions. Critical vulnerabilities require immediate attention, while a low severity my be resolved in next major update. Security management must be implemented at all levels, starting from servers, and continuing with data, network, ways of development and backups. Cybersecurity governance is responsible with mitigating vulnerabilities by implementing security policies for personnel, network security between devices, and security features developed designed for applications. The organization must ensure that periodically executes awareness actions for employees by training sessions or other approaches. The age of digitalization has allowed organizations to progress by improving effectiveness, but it has also generated an environment for the development of cybercriminals, creating countless opportunities for them. A first phase in reducing the risks associated with the field of informatics is to investigate the internal architecture and to become aware of the need for a dedicated protection team. Next, for each of them, an action plan must be set up to diminish the risks as much as possible.

Keywords: cybersecurity, cloud computing, GDPR
Shares