Although cybersecurity risks affect every enterprise, each is affected differently, and each develops and delivers its cybersecurity strategy in its own way. Cybersecurity has few, if any, one-size-fits-all solutions. Each organisation is unique, as are its needs and goals.
When developing a cybersecurity strategy, some of the key questions business managers, owners and directors should consider are:
- Do we have the expertise to manage our cyber risks?
- What cyber expertise do we require, and what do we have?
- What is our plan to develop or source the skills that we need?
- What cybersecurity work should we keep in-house and what should we outsource? Is some specialist assistance required on an ad hoc or temporary basis?
- As a business manager, owner, or director, do I possess the right level of proficiency to be accountable for the cybersecurity decisions that I make? If not, how do I address this situation?
- What training do we have in place for staff on our security policies and cyber threats, to ensure we have, or are developing, a healthy cybersecurity culture?
- How do we align cybersecurity with business goals?
- Will this strategy help us to understand the likely investment required to manage our cybersecurity risks over the next 3 years?
Kaon Security assists organisations in developing a cybersecurity strategy tailored to their unique operational realities. The strategy can be developed at a high level, or with additional detail included in the strategy implementation plan. Both high-level and detailed versions should address the unique needs of the organisation.
Identifying your critical assets
With a good understanding of its assets and their criticality, a business is going to be better placed to apply resources efficiently in order to develop a response plan and be prepared for a cyber incident.
Identifying critical assets is a time-consuming exercise, which involves a number of steps including:
- Gathering the initial information relating to the IT environment and the general controls in place
- Identifying the existing applications in use, data locations, data ownership, and data management
- Performing a Business Impact Analysis for the data assets to classify them in order of criticality and priority, to help determine their value
- Identifying gaps, if any, and collecting the missing information
Many organisations have critical assets sitting with third-party service providers or residing on cloud platforms, so taking stock of all assets (location, ownership and management) is an important step in this exercise.
Conducting a business impact analysis will make it easier to determine the appropriate way to protect assets before, during, and after a cybersecurity incident. When assessing the business impact, it is important to consider different scenarios and any serious implications of an incident that compromises your critical assets, such as financial losses, reputational damage, and regulatory compliance penalties.
Kaon Security can assist organisations to conduct a series of comprehensive in-house workshops, so that key organisational stakeholders can methodically identify all critical assets, and then make qualified decisions as to which asset(s) are most valued and critical to protect. This exercise also helps analyse how well the assets are currently protected and identify any gaps in the existing controls. Contact us today.