Organisations should establish a measurable cyber security program. The program translates the Cyber Security strategy into action, driving initiatives and continuous improvements in cyber resilience. The steering committee oversees the cyber security program.
Point solutions are generally not effective, and the same holds true for cybersecurity. The best approach to being both secure and compliant is to manage cybersecurity and privacy requirements as an ongoing program rather than as a series of isolated projects.
According to a Ponemon 2018 Cost of a Data Breach Study, “organizations that fully deployed security automation saved $1.5 million on the total cost of a data breach.” But cybersecurity automation is also “a missed opportunity,” according to another Ponemon study conducted on behalf of IBM, which found only 23% of respondents were significant users, while 77% reported using automation only moderately, insignificantly, or not at all.
A positive cyber security culture of awareness and accountability is driven by the board. The existing culture should be recognised but influenced by a demonstrated commitment to achieving cyber resilience. The development of a cyber security strategy can promote cultural change, showing the relationship between the organisation’s vision and cyber security. A positive cyber security culture also includes supporting everyone in the organisation to play their part in protecting the confidentiality, integrity and availability of the organisation’s information assets and systems.
Achieving effective cyber security governance requires defining and establishing the organisation’s cyber security roles and responsibilities. After they are created, consider at what level in the organisation they need to be performed. In smaller organisations, most cyber security functions may fall to a single person. In such cases, it is even more important for senior leaders to ensure cyber security duties are realistic, clearly understood, and well communicated. Everyone in the organisation should understand their role in supporting effective cyber security.
Effective risk management is a core component of governance and must be embedded within the organisation. A framework is needed to identify, analyse, evaluate, and manage cyber security risks consistently. The framework supports consistent decision-making and prioritisation within an organisation, maximising the benefit of investment in cyber security. Where the organisation already has a risk framework or methodology, cyber security risk management should be aligned to it rather than run as a separate process.
Translating a cyber security strategy and vision into action requires the buy-in and support of the wider organisation. This can be achieved by establishing a committee containing key stakeholders from across the business. The main objective of the steering committee is to achieve consensus and align cyber security priorities with the organisation’s objectives. Steering committees are most effective when they contain representatives who can make decisions on resource allocation, prioritisation, and direct cyber security activities.
The effectiveness of cyber security activities should be accurately measured, assessed, and reported. These measurements indicate the current cyber resilience of an organisation and the progress made through the cyber security program. Measurement and reporting are vital to good governance, enabling informed decision-making and sustainable investment in cyber security.
Tri-Paragon’s Senior Consultants are here to assist in organizing, planning, and managing your program to achieve the desired results within your budget and resource limitations.