Situation

Cyber-security is a hot topic right now, justifiably so considering that cyber-crime damage costs are expected to hit $6 trillion annually by 2021, and global spending on cyber-security products & services is predicted to exceed $1 trillion over the next 5 years (per Gartner).

However, it’s not unusual for executives to misunderstand effective cyber-security risk management. They often consider it an issue for IT to deal with, when in fact it is an enterprise-wide issue.

That being said, how would an executive know if their business is protected? Where would they begin if it was necessary to implement a new cyber-security program and strategy?

In our work with all types of businesses, we’ve observed that effective cyber-security risk management must include the following:

  1. Proven and Effective Framework – A framework should be adopted that is relevant to an organization’s particular industry, circumstances and data. Executives need to establish governance within the organization’s people, process and technology.
  2. Comprehensive Scope – A cyber-security program must protect all data within the organization, and plan for its resiliency accordingly. An organization can only be effective in risk management if it considers everything from end-user devices to third-party vendors within the program scope.
  3. Risk Assessment and Threat Modeling – Identify risks to your organization, prioritizing effort and resources based on the likelihood of each risk and its potential damage to the business.
  4. Proactive Response and Recovery Planning – It’s important to understand that your systems will be breached eventually; it’s a matter of “when”, not “if”. Therefore it’s critical to take a proactive approach to recovery capabilities and incident response planning. Consistently test, remediate, improve and train all resources within your response and recovery systems.
  5. Dedicated Cyber-security Resources – Establish clearly defined roles and responsibilities for the implementation, management and maintenance of the organization’s cyber-security program.

How many critical cyber-security components does your organization have?

Top 5 “Must-haves” in any Cybersecurity Strategy