Cybersecurity and Incident Management
Internal Threats
System Vulnerabilities
Organisational vulnerabilities
Software vulnerabilities
Operating system vulnerabilities
Network vulnerabilities
Mobile device vulnerabilities
Process vulnerabilities
Physical vulnerabilities
Cloud/IoT vulnerabilities
Legal Responsibilities
Data Protection Act (1998)
Personal data shall be accurate and, where necessary, kept up to date.
Personal data shall not be kept for longer than is necessary for its purposes.
Personal data shall be adequate, relevant and not excessive.
Personal data shall be obtained only for one or more specified & lawful purposes.
Appropriate technical and organisational measures shall be taken to protect data.
Personal data shall be processed fairly and lawfully.
Personal data shall not be transferred to a country or territory outside the EEA without adequate protection.
Computer Misuse Act (1990)
Unauthorised access with intent to commit or facilitate commission of further offences. This could be using the data obtained by hacking to blackmail someone. This can be punished by up to 5 years in prison and/or a large fine.
Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of a computer. This could be altering the data found when hacking a system, or spreading a virus which damages data. This can be punished by up to 10 years in prison and/or a large fine.
Unauthorised access to computer material. This covers the hacking of a computer system. This can be punished by up to 2 years in prison and/or a large fine.
Telecommunications Regulations (2000)
Individuals, including employees of a business, have a right to privacy. This is protected under the Human Rights Act (1998).
Fraud Act (2006)
Fraud by failing to disclose information
Fraud by false representation
Health & Safety at Work Act (1974)
Maintain the workplace in a condition that is safe & without risks
Provide and maintain a work environment that is without risk to health and provide facilities and arrangements to ensure employee welfare
Provide information, instruction, training and supervision to employees of risks
Provide a health & safety policy
Provide arrangements for ensuring safe handling, storage and transport of articles and substances
Consult with employees, or their elected representative, over risks.
Provide a safe system of work
Cyber Security Threats
External Threats
Sabotage by individuals, terrorist organisations, companies and governments
Hacking by individuals, companies and governments
Malicious software (malware)
Social engineering techniques used to deceive people into giving out information
Impact of Threats
Reputation Loss
Operational Loss
Intellectual Property Loss
Financial Loss
Internal Threats
Weak cybersecurity measures and unsafe practices
Accidental loss or disclosure of data
Employee sabotage and theft of data and/or physical equipment
Unauthorised access by employees to secure areas and administration functions