One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1671587
Publication date 2020-04-23 12:00:00 (seen: 2020-04-23 13:01:46)
Title Why cybersecurity needs a seat at the table
Text

Introduction

A shift has occurred in the bastion of corporate hierarchy in the last few decades that has fundamentally changed how organizations operate. This shift started about sixteen years ago in 1994 with Citibank/Citigroup. After suffering a cybersecurity incident, they created the role of Chief Information Security Officer (CISO), a role which has only grown in prominence since. It’s common today to see even small, privately owned organizations feature a CISO or similar role on their executive team.

Along with the growing presence of both executive and non-executive cybersecurity professionals, there has been an interesting dynamic introduced to the corporate environment. Instead of just dealing with the complexities of maintaining a technical environment, organizations are realizing they also need to contend with the security of them as well. Unfortunately, many organizations have not taken the requisite steps to properly integrate cybersecurity into their general operations.

Why it matters

Most professionals understand the importance of centralizing the mission of the corporation throughout all departments and initiatives. It’s a common component of most, if not all, business programs and is driven home time and time again. This message does not always translate to the Security or Information Technology (IT) teams, however. Even in the face of an ever-shifting technological landscape plagued with breaches and attacks, organizations regularly fail to appropriately consider the role cybersecurity plays in their business.

Security is the most effective when it has multiple layers and is included from the beginning. Much like any form of design or construction, it is significantly easier to add features at the beginning than after the project is completed. Trying to shoehorn security components into existing systems or processes is both difficult and often costly, requiring significant buy-in from the organization to accomplish effectively.

Failing to include security at the beginning of projects can also lead to acquiring or building systems that have fundamental security issues. This includes things like contracting with a vendor that does not practice due diligence or purchasing software with technical issues that may be exploitable by malicious third parties.

What you can do

Not all companies can afford, or even support, a new executive-level security member or advanced security program. That does not mean that they can afford to leave cybersecurity out of the conversation. Instead of trying to rework your entire company or hire new leadership, organizations can instead utilize alternative solutions to accomplish similar effects. These solutions can be used either independently or in concert with each other to help facilitate meaningful collaboration between leadership, delivery teams, and security. The solutions below aim to be relatively inexpensive and as simple as possible.

Change Advisory Boards

Having a Change Advisory Board (CAB) is highly recommended for any organization. The CAB provides an additional layer of protection regarding changes to critical infrastructure, software, or overall business operations. Including cybersecurity here is an easy way to give them broad access to core projects without creating significant process changes. This group should include leaders from other departments to provide a robust knowledge base. The CAB should have insight into core projects and changes that may impact operations or security.

Regular announcements

Along with, or in some cases in place of, CAB meetings it is strongly encouraged to produce regular announcements about major changes, upgrades, et cetera. This provides staff exposure to new ideas, process changes and technology while providing a forum to get input from those that will be affected by these changes. These announcements can also be paired with more informal meetings or townhalls to fu
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.