Abstract:

We all agree, cybersecurity aims to protect information assets in the cyberspace. So any information that has value to the organization and therefore needs protection is an asset. Can be a contract, can be a database, can be intellectual property, can be personal information and so on. To create a list of cyber threats is complicated. It would be a very long list. Some examples include theft of information, ransomware, user error, equipment malfunction, data manipulation, malware infestation, denial of service. Attackers can have political or religious motives, they can act for money, they can act for fun, they can act to show their skills. The other concept, vulnerabilities, represent weaknesses that can be exploited by threats. A military organization has to identify threats and vulnerabilities. And when it comes to cybersecurity, there usually is a positive attitude and we mean, top management understands the risks that come along with technology. However, understanding how things stand and actually doing something are two different things. The main goal of this study is finding optimal solutions for understand and assess security risks and to implement controls.