Cyber Security: Sharing the Knowledge

Cybersecurity and information Security Management greentick

Cybersecurity and information security management is the state or process of defending computers, network, systems, servers, mobile devices, and data from malicious attacks. In today’s world it is also very popularly known as Information Technology Security or Electronic information Security. A strong cyber security tends to have multiple layers of protection spread across the programs, networks, devices, and computers. Cybersecurity and information security management is important because it surrounds everything that concern to protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems from theft and damage.


In the modern era of technology, we come to hear a lot of news regarding cyberattacks and its negative impact faced by an organizations, employees, and consumers. The attacker makes a gateway through data centers, the cloud, the internet, and so on to gain access to data and information. These attacks create threats to the security of the sensitive data and can bring severe damage to the reputation and financial loss of any organization or the victims. The main challenge about these attacks is that they are never static cause attackers always apply new strategies to get intrusion into the system and do a malicious activity. The sectors which are at constant risks of data security are the Internet Of Things, Machine Learning, Artificial Intelligence, cryptocurrency, E-governments, and individuals.


National CyberSecurity Index

Meanwhile, globally United Kingdom ranks top for the cyber security. The National Cyber Security Index (NCSI) measures more than three-quarters of the courtiers’’ cyber security ratings in the worlds. The Ranking shows that Estonia has been gradually getting stronger in the cyber security. Within the past months, the Estonian Information System Authority has released “cyber security in Estonia 2020” that explains the landscape, responsibilities and activities of different public sector organizations protecting the digital state and society.


Information security management :Scenario around the globe

As talking about the world scenario of cyber security huge number of cyber-attacks and cyber-crime affects large business organizations. Daily employees and customers generate loads of data that establish a normal set of behaviors. An attacker will also generate data while using any number of the techniques to in filtrate the system; the main goal of the cybersecurity and information security management is to find the loop hole and stop it before it does any harm.


In Asia, Cybercrime is becoming a greater risk when doing business in Asia-Pacific as compared to North America and Europe. Rapidly growing connectivity and the skyrocketing pace of digital transformation exposes the Asia Pacific Region and make it particularly vulnerable to cyber exploitation. As stated by the reports from World Economic Forum cyber-attacks are ranked as the 6th most likely global risk over coming decade. Stakeholders in APAC must recognize the urgency for change and commence towards cyber flexible strategies and up to date solutions to prevent further high-loss attacks.


Ransomware attacks were also common security breaches with one in four organizations across the region experiencing an attack on a monthly basis. Approximately half of those affected indicated that they paid the ransom, however, nearly 40% of organizations that paid the ransom did not recover their files. When it comes to cybercrime, our research shows that there is no such thing as honor among thieves. If businesses choose to pay a ransom to criminals, they are taking a major gamble.


Cybersecurity and Information Security management in Nepal

The Nepalese citizens, as members of the Asian community, keeping privacy with high importance; more revolutionary security policies are expected. Security, as an important aspect of upholding privacy, that cyber users consider when performing online tasks. Security has been proven to be an important factor considered by computer and Internet users in Asia; many cyber users are raising concern regarding cyber security in the region, specifically Nepal.


In context of Nepal the major issues of Cybersecurity and information security management involve different actions and atonement of such criminal practices. Those are due to lack of proper policy and awareness. People are falling victim to various externalities. The issues range at different level of information breach to duplication of identity to fake information and manipulation. In most of the case due to lack of infrastructure and resources, the act goes unnoticed. People at times fail to report it and when they do report, concern authorities. Due to their negligible skills and behavior further rubble the situation.


Cyber-security issues in Nepal

As of now the major cyber security issues in Nepal are listed below:


  • Identity Fraud
  • Banking Frauds
  • Hacking
  • Cyberbullying
  • Online threats & Intimidation
  • Various form of Online violence Against Women
  • Revenge Porn
  • Copyright Issues
  • Social Media Crisis
  • Denial of Service Attack
  • Child online Protection
  • Lack of Awareness
  • Lack of Standardization and Proper Policy and Its Implementation and Continual Improvement



In most of the cases lack of awareness about the cybersecurity and lack of internet’s core value results cybercrime. The main Cyber Security issues occurs due to lack of Nepal Government turning a blind eye towards issues of internet governance process. The government fails to address any policy recommendation in terms of creating the proper procedures to manage the internet governance process in Nepal’s ICT industry. Due to this, the limitation of policy and mechanism has been obstructing the industry in terms of growth and development. Though there has been immense growth in terms of infrastructure when it comes down to working class level intervention the Government fails to create any impact. Public, private, and nonprofit entities in Nepal are all in the process of introducing Information and Communication Technology (ICT). To improve their reckoning performance, introduce in 2008.


As well as, the use of information infrastructures to improve overall internal administrative processes and procedures. The Source for Internet service provider (ISPs) has demonstrated that the number of the internet users has an annual incremental increase of 50%. Employee of business organizations use 30% of the Internet services in Nepal. Private users and international organizations use Internet services approximately 20% each. Furthermore, the number of computer users around rural areas is increasing. Due to the opportunities provided by local schools, colleges, and computer training institutes. (Source:


Solution for CyberSecurity problems in Nepal

However, cyber security policies in Nepal still cannot address the cyber security threats and issues in the country. There is no proper cyber law in Nepal. In case of an individual commits a cyber-crime, there is very little chance that the Nepal government can do in terms of enforcing the legal policies. The country’s cyber law progress move very steadily because email and computer transactions seemed to be not considered trustworthy by the government. Nepal do not utilize the same level of technology as other developed countries. Government of Nepal reliance that passwords can be easily guessed. Therefore, leading to the hacking of user’s accounts, which is largely due to outdated IT systems being used by high-profile government agencies. This practice triggers the attackers to hack into other’s profile and misuse the information committing the Cybercrime.


Attackers gain more profit if they breach the internal information of the large business houses. Hence, to defend the cybercrime and strengthen the Cyber security in your business. The following points need focus:


  • Security Framework and standard
  • Risk Assessment
  • Security Governance
  • Threat Intelligence
  • User Education
  • Security Operation
  • Security Engineering
  • Career Development