Austine Ohwobete’s Blog

How about aligning cybersecurity with the business needs?

It is generally perceived that aligning business goals with cybersecurity needs is a roadblock that business units within an organization must deal with or circumvent in order to achieve their business goals. It is also true that most cybersecurity professionals, particularly those who focus on core IT security, often perceive business unit representatives as being ignorant of cybersecurity risks. These perceptions are generally not accurate: cybersecurity professionals and business unit representatives must work together to recognize data and application security as a priority and to make informed decisions, particularly when it comes to security and the cloud.

In the good old days, information security, as it was simply known then, was simpler because all of an organization’s information and systems were housed at its headquarters. With a true security perimeter in place, organizations basically deployed the same layered, defense-in-depth security controls, such as network firewalls and intrusion detection and prevention systems (IDS/IPS), throughout the entire enterprise. This perimeter-based architecture has largely disappeared, thanks to the popularity of mobile technologies, the rise of cloud computing, and the new paradigm of cybersecurity.

Today, different applications face different kinds of risks depending on where they and their users are located, to such an extent that we simply can no longer rely on perimeter-based enterprise controls to protect them. We are entering an era where security controls can be more easily tailored to meet the needs of individual applications. Today’s cybersecurity is heavily data-driven, and business unit representatives know what kinds of data they own and process on a day-to-day basis. Ultimately, they are the ones who must make risk-based decisions about security and choose which risks are acceptable to them.

Cybersecurity professionals must ensure that business units are informed about those risks and aware of the potential costs of cybersecurity incidents, as well as the costs of the various options to mitigate risks. This role definitely includes educating business unit representatives about the risks that cloud computing, BYOD and other cybersecurity challenges present to the organization, and about how security controls can be deployed to gain the necessary visibility into the entire computing environment.

Dr. Austine Ohwobete, 07/10/2018


Our Comprehensive Suite of Solutions and Services ...


Today, most enterprises try to deal with cybersecurity threats by focusing inwardly: conducting vulnerability assessments, making detailed network maps, and, in some cases, deploying robust patch management processes to continuously monitor their networks and systems. While this approach provides some benefits, it is ineffective against many cyber threats. Most corporate networks are so large and complex that it is simply too difficult to identify all of their assets, or all of their vulnerabilities, and patch them fast enough. Today's cyber wrongdoers are sophisticated, well-funded, and patient; they use a wide range of techniques to penetrate even well-protected enterprises...