The proper Cyber and Information Security provision is very complex and depends in principle on Hardware, Software, people and environment. Which of these constitutes the weakest link, and how can it be corrected?
Everything has importance in computer security. The use of reliable hardware means any device designed to offer a series of facilities that allow safe handling of critical information. In the case of Software, it is necessary to have an antispyware system, antivirus, a well-configured firewall, backup copies and even a remote backup system that allows the information to be kept in two locations asynchronously. Good control of the network and the installed software is also necessary. Users must have passwords that are difficult to find out, operators must have the proper permissions, access must be restricted for unauthorized personnel, etc. This is just the basics; there is much more that can be done, considering that a system is never 100% safe.
Before knowing the "how", one should know "what" data/information is to be protected. Then perform the risk assessment so that the organization can create security policies to protect the data.
Ref: Knapp, K. J., Morris, R. F., Marshall, T. E., & Byrd, T. A. (2009). Information security policy: An organizational-level process model. Computers & Security, 28(7), 493-508.
There are a few articles illustrating the "how" of managing cyber and information security:
Cárdenas, A. A., Amin, S., Lin, Z. S., Huang, Y. L., Huang, C. Y., & Sastry, S. (2011, March). Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM symposium on information, computer and communications security (pp. 355-366). ACM.
Ralston, P. A., Graham, J. H., & Hieb, J. L. (2007). Cyber security risk assessment for SCADA and DCS networks. ISA transactions, 46(4), 583-594.
Landoll, D. J., & Landoll, D. (2005). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC Press.
I would think that the lack of appropriate/effective policy is the weakest link in protecting data that operate on hardware, software, network, and people.
Agreed, the creation and use of an organizational data protection policy is very important in any type of organization, as well as the legal ties that may result from breaking any of these policies. Given the complexity and pervasive nature of the Human Factor, people may be considered to be the weakest link according to a number of Cyber Security Establishments. The Human Factor, while visible and present, may at the same time be completely invisible and unnoticed, while most of the law-abiding colleagues may follow the policies and regulations. One weakest link not identified properly and at the right time may have a dramatic impact on the whole business operation.