Friday, July 15, 2016

The Four Pillars of Cyber Security

Cyber Security is increasingly recognised as a key function for any firm.

It can be represented as having four key pillars:

1/ Changing People’s Behaviour, Starting with the Most Senior Personnel in the Organisation

The majority of cyber security breaches result from people’s behaviour. To change behaviour, people’s conformity with cyber security policies must be monitored so that they are held accountable. From our observations, the most senior management do not lead by example in this respect, or at least are not seen to lead by example. If cyber security is meant to be taken seriously, then the most senior management have to be seen to undertake the training and be seen to follow the correct policies themselves. However, what typically happens is that the IT department merely sends an organisation-wide email telling everyone that they are meant to comply with certain policies, and there is no visibility of what the most senior staff actually do, or do not do, in this respect. Consequently the “real message” to everyone in the organisation is that cyber security policies probably are not very important, and that they should try to duck out of the perceived bureaucracy if possible and concentrate on other things.

2/ Fully Integrating Cyber Security into Business Operations and Planning

Instead of being seen as the property of the IT department, cyber security should be treated as seriously as something only one step down from health and safety. Regular stress testing should take place, seeking to reveal the extent to which cyber security policies are being followed, both organisationally and by individuals.

3/ Prioritising Key Information Assets

It could be overwhelming to fully secure every piece of data, so pay most attention to securing the most critical information assets. Ask yourself: if this information got into the wrong hands, how much damage could it do to your organisation? Consider business reputation and impact on sales, fines, and any potential legal action against individuals in your organisation.

4/ Assuming Cyber Breaches Will Happen and Planning to Deal with Them in Advance

While doing everything reasonably possible to prevent breaches, you need to assume that breaches will happen, so that you have a plan in place to mitigate the damage from a breach. That will include ensuring that data is stored in a format that cannot be read, or that is very difficult to decipher; ensuring that the organisation finds out about breaches as soon as possible and that key people are informed; and having an operational contingency plan in place to plug the hole, deal with public enquiries, and stop the same breach from recurring.
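The "stored in a format that cannot be read" point above is, in practice, encryption at rest with the key held away from the data. The following is an added example, not code from the original post, showing one way to do that with the Go standard library's AES-256-GCM: the data store only ever holds the sealed blob, the key lives elsewhere (a KMS, HSM or secrets service), and any read under the wrong key, of a tampered blob, or of a blob copied between records fails closed. The function names (NewDataKey, EncryptAtRest, DecryptAtRest), the record identifiers and the sample record are all constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample record: the kind of critical information asset that
// should be unreadable if a copy of the data store is taken.
var sampleRecord = []byte(`{"customer":"Example Ltd","iban":"GB00EXAMPLE","note":"constructed sample"}`)

// NewDataKey returns a fresh 32-byte AES-256 key. In a real deployment the
// key lives in a KMS/HSM or secrets service, never beside the data it protects.
func NewDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// newAEAD builds the AES-256-GCM primitive and rejects keys of the wrong size.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAtRest seals plaintext with AES-256-GCM. The stored blob is
// nonce || ciphertext || tag. recordID is bound as associated data, so a
// blob swapped between records fails the integrity check on read.
func EncryptAtRest(key, plaintext, recordID []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag after the nonce, so the nonce is stored with
	// the blob; it is not secret, but it must never repeat under the same key.
	return aead.Seal(nonce, nonce, plaintext, recordID), nil
}

// DecryptAtRest reverses EncryptAtRest and fails closed on any tampering,
// wrong key or wrong recordID.
func DecryptAtRest(key, blob, recordID []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns+aead.Overhead() {
		return nil, errors.New("stored blob too short to be valid")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], recordID)
}

func main() {
	key, err := NewDataKey()
	if err != nil {
		panic(err)
	}
	id := []byte("record-0001")
	blob, err := EncryptAtRest(key, sampleRecord, id)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob (%d bytes) reveals nothing about the record: %x...\n", len(blob), blob[:12])

	// A stolen copy that has been modified, or read under another record's
	// identity, yields an error rather than data.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	if _, err := DecryptAtRest(key, tampered, id); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}
	if _, err := DecryptAtRest(key, blob, []byte("record-0002")); err != nil {
		fmt.Println("blob bound to wrong record rejected:", err)
	}
	plain, err := DecryptAtRest(key, blob, id)
	if err != nil {
		panic(err)
	}
	fmt.Println("authorised read:", string(plain))
}
```

The design choice worth noting is that the data store holds only the blob and a record identifier; without the key, held by a separate service with its own access controls and audit log, a copied database is a pile of random-looking bytes, which is what turns "breach of the store" into a contained incident rather than a disclosure.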
