One Article Review

The article:
Source AlienVault Blog
Identifier 2531095
Publication date 2021-03-25 10:00:00 (seen: 2021-03-25 11:05:37)
Title Cybersecurity strategy…. To Plan or not to plan…That is the question
Text What is a strategy? As defined by Merriam Webster…. ‘a carefully developed plan or method for achieving a goal or the skill in developing and undertaking such a plan or method.’ A cybersecurity strategy is extremely important, but many organizations lack a strategy, or they have not kept their strategy and subsequent roadmap current. A strategy is especially important in this day of digital transformation and for key initiatives like Zero Trust.

Cybersecurity requires a holistic approach, implemented uniformly throughout the enterprise. A practical cyber / information security strategy, aligned with business objectives, built on an industry-accepted framework, and adjusted to the applicable threat landscape, can help create a predictable and consistent environment and minimize business risk. An effective strategy is instrumental in setting the direction for the cybersecurity program and in decision-making on information security budget allocation, information security initiative prioritization, and objective measurement of the effectiveness of the program. Having a unified strategy enables enterprises to focus their information security efforts to be more inclusive, cohesive, and efficient. Furthermore, an information security strategy developed without regard for, and alignment to, the overall business and IT strategy in the organization will likely lead to inefficiencies and inconsistencies at best, or ineffectiveness and increased operational losses and diminished brand/reputation at worst.

An information security strategy defines the goals, objectives, and methodologies used to address internal and external threats faced by the enterprise. The strategy drives moving from a reactive posture to a proactive approach. As the business objectives change and the threat landscape evolves, so must the cybersecurity strategy. This is not a one-time effort but a continuous process. However, evolving with a solid foundation makes it much easier to adjust the strategy and subsequent cybersecurity posture.

Strategy foundation and planning

Organizations must first adopt a framework of security requirements based upon applicable laws and regulations they must comply with, industry standards, and other drivers, such as customer or business partner requirements. It is crucial to align with the business. What are the business strategies and how can cybersecurity enable them?

What inputs must be obtained?
- Business requirements
- IT strategies
- Enterprise risk appetite
- Enterprise risk assessment

What are the key activities to determine the current security posture?
- Gap analysis against the framework
- Determining program maturity and security capabilities
- Benchmarking against industry peers
- Industry state and threat landscape

Once the current state is understood, organizations can determine where they want to go. This should all be grounded in aligning with business and IT strategies and reducing risk. In addition, prioritization takes into account risk management principles, compliance requirements, resources, budget, timelines and dependencies across the organization.

Because this is a process and not a one-time effort, measures and a scorecard should be established to show iterative progress in meeting defined targets. The implementation of the strategy is facilitated by a strong communication plan across the enterprise, from key stakeholders to all employees. Communication is about garnering support, providing education, establishing the ‘cybersecurity brand,’ adjusting the culture, a
Sent Yes
Tags Threat Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.