I wonder why the big giants, all the Big 4s, are talking about it and designing their services around cyber security.
What is cyber security? Do we need cyber security? Are we not there yet? These are some of the questions on my mind, and I am sure on yours too.
The increasing number of devices around me makes me think, and at times I wonder: do I need them, why do I need them, can I not live without them? The answer is both No and Yes.
No is the answer that many will choose, and so did I; however, on the other side, Yes is also prevalent. The big question is: do I really want these devices around me?
Imagine the era when the landline phone was in one of the houses and everyone used a PP number. I am sure some will have a smile on their face, as I used a PP number to be accessible.
People say times have changed and that this has forced us to have these devices and high-tech gadgets around us. I think it’s we who need more and more every day; it’s not the time or the technology, it’s humans who have an uncontrolled need for innovation and for comfort in everything, which is giving rise to these devices and gadgets.
It’s like this: if Apple has the 5S as its latest phone... darn it... the 6S is bound to be released. It has become the minimum expectation of people now. These days the definition of events that happen in the natural course of things has changed: earlier it was that winter comes after summer; nowadays we talk about the next version before the current version of any device is in the market.
Today all my dear friends and technology experts have a serious concern about security. A decade ago, all that was required to ensure security was to focus on building a secure digital fort around the in-house enterprise IT infrastructure, which included servers, network architecture and the employee PC stations, all of which were on premise and hence easier to monitor and control within the physical walls of the enterprise.
Today all CISOs/CIOs are facing vast security challenges due to the rapid evolution in the volume and variety of information across multiple devices, platforms and infrastructure, and increased connectivity to third parties.
The number of these devices will keep growing; management will always ask for more and more efficiency and business from employees, and CISOs will keep adding security measures and infrastructure, making the layer fat and complicated.
What’s the solution?
Well, there is no perfect answer to this long-lasting debate, nor will there be one in future; it will keep getting more complex every day.
I believe that many organizations need to change their outlook on cyber security. They should do this by playing on strengths rather than fears. Investment should be balanced between risks and potential impacts.
Some of these ways, if adopted, may help us control the risk in a big way; it is essential that organization management take leadership in:
Are we heading in the right direction?
Organizations are running after 100% security, best-in-class security through heavy investments, and the need to be world class; these are some of the trends that I have observed.
As a CISO, you want to know whether your organization has an adequate approach to cyber security. Do you have a view of your organization’s cyber maturity?
It’s the ecosystem of the organization that plays a major role; I would say it is these 6 pillars that indicate the maturity:
Management – Display ownership, onboard the right people, the experts.
Information Security (ISMS) – How effective are the current risk controls and the management of information throughout the organization?
BCM – Disaster recovery – How prepared are you, and what is your ability to prevent or minimize the impact through crisis management?
People – What is the level of involvement and integration of skills, education, culture and knowledge?
Service Delivery – What level of controls is implemented to minimize the impact on operations?
Legal & Compliance – Comply with legal and regulatory requirements to minimize the impact.
There can be many ways to protect and assess the cyber maturity of the organization, but the most important thing is that it should be on the radar.
You can also refer to some of the additional information
Let me know your thoughts on it, feel free to add to it for the betterment of the subject.