One Article Review

The article:
Source AlienVault Blog
Identifier 2815277
Publication date 2021-05-20 10:00:00 (seen: 2021-05-20 10:05:38)
Title What is a trusted advisor? …and why do I need one?
Text Organizations today, even those not related to "tech", all have a need for cybersecurity. Regardless of your industry vertical, if you have email, a website, a phone system, or even just have people using computers, cybersecurity is needed at some level or another to protect your ability to do business.

Strategy first

What is your cybersecurity strategy? Every organization has unique needs, regulatory requirements, budgets, and priorities. Every organization needs to go through the process to understand each of these and create a roadmap for how they are going to protect themselves.

There are many varieties of security products/technologies out there. Understanding what your organization needs is a daunting task. And just buying the technology doesn't suddenly make your organization protected. It needs to be implemented and maintained, it needs to integrate with other technologies and processes, and it needs to address your organization's needs without itself becoming an impediment to doing business. Do you outsource or do this in-house?

Planning your next 2-3 years means you are making purchasing decisions and process changes that are aligned together to build a solid program and lower the risk that your organization will be in the headlines for the wrong reasons. This is where using trusted advisors can help.

What is a trusted advisor?

Trusted advisors come in many different roles depending on your needs. They might be:

An assessor that comes in and helps identify gaps (e.g. lack of consistent patching on servers) and helps you determine how to close them.

Someone that helps you get your organization aligned to specific security frameworks or regulations (e.g. HIPAA/HITRUST, PCI, ISO 27002, NIST CSF) for compliance and the ability to win contracts from Fortune 500 companies.

An individual that supports a CISO or Director of Security, helping out as a sounding board to flesh out ideas and help identify costs and risks. They may even help you write the business case and draft the initial presentation you give to your board or manager to ensure adequate funding.

Someone who acts as an educator and can help you prepare for an external audit, review and enhance training curriculum, and help people understand their roles, especially in organizations where people wear many hats (e.g., help define expectations).

Unlike a technologist (someone who helps implement a technology, e.g., install and maintain a firewall), a trusted advisor works holistically to help align technologies and a cybersecurity program: That firewall needs to be updated; do you need a documented process? Should you send out an email to users that their login screen will look a little different? Is now a good time to change the architecture and move into the cloud?

The value of trusted advisors is that they are people that have done it before and bring experience to the table. They have already seen the bumps and potholes and help you anticipate and navigate around them. They have worked with organizations of all sizes and have multiple tools in their toolkit to help innovate, administer and coordinate your security program to fit your organization.

How do you choose a trusted advisor?

These are features of a trusted advisor that you should consider:

Ability to utilize other subject matter experts. No single individual will have an unlimited skillset. Your Trusted Advisor should have resources available to them to help provide deep knowledge.

They should be working in your best interests. While vendors have fantastic advisors for sizing and implementing their product, there may be some concern that a recommendation is likely to benefit their organization more than yours. For an advisor to be trusted, you should feel confident that their recommendations are based solely on your needs.

Ability to learn about and understand you
Sent Yes
Tags Patching


The article does not appear to have been picked up again after its publication.

The article does not appear to be a repost of an earlier one.