Cyber Hygiene is a term that is frequently evoked in cybersecurity circles, especially when there is a threat to our infrastructure or a data breach. Arun Vishwanath of New York believes it to be the elusive elixir of every cyber expert, that users cannot seem to have enough of. However, there is no specific recognized definition of what ‘Cyber Hygiene’ actually stands for, or even legitimate measurements on how much of cyber hygiene is actually enough to sustain our protection. But it appears on innumerable webpages on cybersecurity and is even followed by suggested practices on what users should or should not do to achieve and protect it.
Arun Vishwanath tried actively searching for a full definition, but instead ended up with many more questions. He unearthed Homeland Security Secretary Janet Napolitano’s use of the term to indicate ‘development of better user habits’. And his subsequent usage of it in articles and interviews caught the attention of similar experts in the industry. Soon it became a term used after a successful breach, reflecting the lack of it. Feeling the brunt of responsibility for bringing the term into popular usage, he decided to develop a quantitative metric system for measuring cyber hygiene, along with a team of CISOs, technologists, graduate students, and top-notch researchers from Singapore. Over the course of a year and a half, they conducted diligent research with interviews, quantitative tests, and surveys, finally releasing a 20-question Cyber Hygiene Inventory (CHI) that quantitatively assessed user cyber hygiene across five dimensions. The dimensions were Storage and Device Hygiene, Authentication and Credential, Facebook and Social Media, Email and Messaging, Transmission, all for You; candidly framing the acronym SAFETY. The overall range of CHI can be between 0-100, with a higher score indicating better cyber hygiene. A breakdown of these five dimensions gives us an accurate portrait of user cyber risk, and exactly which component has good cyber hygiene and which requires improvement. Comparison with other users will give us a comparative appraisal of our cyber hygiene and risk, and an overall picture of the organization as well.
For more information, please click on https://www.arunvishwanath.us/2019/10/01/how-much-cyber-hygiene-do-you-need/