One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2613690 |
| Date de publication | 2021-04-09 17:51:00 (vue: 2021-04-09 20:05:48) |
| Titre | What is a cybersecurity strategy and how can your business develop one? |
| Texte | The number of users, devices, and resources on company networks is growing exponentially. With this expanding attack surface, a company’s assets, intellectual property, reputation, staff and customer data are all at risk. It’s no wonder cybersecurity has increased in prominence, with many organizations investing in more sophisticated technical solutions. But just because you have all the network security solutions in place, it would be unwise to get complacent about your security posture. While technological solutions are certainly an essential piece of the defense puzzle, those resources can only take you so far if you lack a cybersecurity strategy. Business leaders, decision-makers and key stakeholders that devote the time to assess their specific organizational priorities, customer and employee requirements and overall risk profile are typically in a much better position to minimize risk exposure. What is cybersecurity strategy? A cybersecurity strategy is comprised of high-level plans for how an organization will go about securing its assets and minimizing cyber risk. Much like a cybersecurity policy, the cybersecurity strategy should be a living, breathing document adaptable to the current threat landscape and ever-evolving business climate. Typically, cybersecurity strategies are developed with a three-to-five-year vision but should be updated and revisited as frequently as possible. While cybersecurity policies are more detailed and specific, cybersecurity strategies are more of a blueprint for your organization to guide the key stakeholders as the company and business environment evolve. Goals for your cyber strategy One of the most critical goals for any cybersecurity strategy is achieving cyber resiliency. To be resilient, business leaders must remember that each organization is unique and requires a customized approach to strategy. Much like relying upon one security product or vendor to completely eradicate all threats, there is no single cybersecurity strategy that adequately addresses every business's needs. To achieve the ultimate goal of resilience, your cybersecurity strategy will require a mindset shift from reactive to proactive. Instead of focusing on reacting to incidents, the most effective strategies stress the importance of preventing cyber-attacks. That said, any robust cybersecurity strategy also puts you in a better position to respond to an attack. In the event your organization is victimized, a successful strategy can make the difference between a minor incident and a major one. Benefits of proactive cybersecurity When it comes to managing risk, a proactive approach is always superior to a reactive one. But being proactive, especially when new threats are discovered and detected at such an alarming rate, is easier said than done. Unfortunately for most organizations and cybersecurity departments, taking a reactive approach is the norm. A recent Ponemon Institute study, which surveyed 577 U.S. IT and IT security practitioners, provides the numbers to underscore the struggle toward proactivity: 69% of respondents admitted their company’s approach to security is reactive and incident driven 56% of respondents expressed concern that their IT security infrastructure contained coverage gaps, allowing attackers to get around network defenses 40% of respondents do not track or measure the company’s IT security posture A proactive cybersecurity approach not only puts you ahead of attackers but can help you maintain and even exceed regulatory requirements. Proactive strategies offer the structure and guidance that help you stay prepared and avoid confusion that may arise. With uncertainty and confusion minimized, measures for incident prevention, detection an |
| Envoyé | Oui |
| Condensat | 27001 577 about above acceptable achieve achieving across actions adapt adaptable address addresses adequately admitted agencies ahead alarming align aligns all allow allowing also always another any approach architect are areas aren’t arise around assess assessment assets attack attackers attacks available avoid balances based because being benefits best better between beyond blueprint board board—internal breathing budgeting building business business's but can center certainly challenging: changing checking cis climate cohesive; comes communication companies company company’s complacent completely complex compliance comprised concern confusion conscious consider consoles consuming contained controls coverage creates critical csf culture current customer customized cyber cyberattacks cybersecurity data decision defendable defense defenses departments detailed detected detecting detection develop developed developing devices devote difference discovered document done dramatically driven each easier effective embrace employee end ensure environment equally eradicate error especially essential even event events ever every evolve evolving exceed existing expanding expectations exponentially exposure exposures expressed external fact far federal first five focusing foster framework frameworks frequently from game gaps general get getting goal goals growing guidance guide guidelines has have help high how human identify identifying implement implementing importance important impressive improved incident incidents increased incredibly infrastructure initiatives instead institute integrated intellectual international internet invest investing isn’t iso it’s its just key lack landscape leaders level like living maintain major make makers manage managing many may means measure measures might mindset minimize minimized minimizing minor mitigated model mole: more most much multiple must necessary need needs network networks new nist non norm not notch number numbers offer one only organization organization's organization’s organizational organizations other outlining overall overwhelming partners—improves path paving people perhaps piece pieces place planning plans playing plus policies policy ponemon pops popular position positioned possible posture practices practitioners prepared preventing prevention priorities prioritization proactive proactivity: processes product profile program programs prominence proper property provide provides puts puzzle rate reacting reactive recent regulatory relying remember reputation require requirement requirements requires resilience resiliency resilient resource resources respond respondents responding response restrict revisited right risk risks road roadmap robust running said securing security security’s several shift shortages should single solid solution solutions soon sophisticated sound specific squashed stack staff stakeholders standards started stay strategies strategy stress strive structure struggle study successful such superior sure surface surveyed sync system take taking technical technological technologies technology templates than themes these think thinking those threat threats three time to: tools top toward track train transform typically ultimate uncertainty underscore understand unfortunately unique unwise updated upon users vendor vendors victimized visibility vision vulnerabilities want whack what when which will without wonder would year you’ll your |
| Tags | Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.