I was at a recent event listening to various government and commercial C-Suite executives speak about security. I sat in the room intently listening to the claims of success and predictions as to the future of cyber security. As usual, discussions of the need for better data analytics, intuitive and intelligent IDSs, and SIEM solutions received enthusiastic responses. There were also many discussion topics about the need for better incident response capability, protection of Personally Identifiable Information (PII) and other sensitive data, and reporting metrics.
At the end of the event, during the Q&A session, I stood up and asked one question to everyone on the panel. “What is your individual strategy for addressing cyber security within your enterprise?” Immediately I heard various ways that firms were addressing vulnerability management, near-real-time data analysis, and the use of the latest and greatest devices and software technologies to provide security. I restated my question after mentioning that the answers provided thus far were great practices and tools for providing security. However, they are not a strategy.
Having tools and utilizing best practices are great methods. Yet employing them without a strategy for how these, and other methods, are to be leveraged merely creates a false sense of security. Having a strategy allows for a holistic security implementation. If clear, a strategy will minimize redundant spending, maximize security resources, identify high value target areas, provide a roadmap for scalable acquisitions, prioritize architecture changes, and identify expertise requirements (just to name a few things) for the future. Most importantly, a strategy can align cyber risks with business risks.
It is because of the business/mission that the enterprise was created. Therefore, protecting that mission should be the goal. Thus, it is paramount to ensure that the measures employed to accomplish the mission balance security, operations, and business functions.
So, I ask: “What is your security strategy?”
If you’re interested in learning more about our Cyber Security Services, you can contact Stanley Goldman by email at Stanley Goldman or 201.573.0400 Ext.14