Cyber Exposure Center
Compliance part I:
Compliance does not equal security. It’s not necessarily good for the business, not always anyway. Everybody in the industry has to do it, but doing it too diligently can actually reduce your competitive advantage. We think of compliance as a necessary evil. The big question for a cybersecurity manager is: how much compliance is mandatory?
Compliance part II:
Policies might not sound glamorous, but they are the foundation of the security management structure in the company. A cybersecurity manager who doesn’t start here is, frankly, likely to fail. Management support and approval for the cybersecurity manager lays the foundation for information security throughout the company.
Compliance Part III:
Security concerns can be split into two camps: internal and external. Internal includes all the systems inside the company’s walls that the company or organisation has direct control over. Handling internal security is easier than handling external security because it’s within the company’s domain and control.
Assets and Access Part I:
Security tools and increased awareness are key to keeping a company secure, but many companies also need help with a basic question: What, exactly, are they protecting? Many companies simply don’t know what they have and what they need to protect.
Assets and Access Part III:
We love it when companies start focusing on cybersecurity. Too often, though, the new focus distracts companies from basic security measures that have to be taken care of, no matter what, like physical security.
HR and security part I:
The human resources department helps the company find people, hire them, train them, fire them, and manage the whole personnel process. For some reason, there are a lot of jokes about HR people being evil, maybe because they control people’s careers. But they are essential to any organisation.
Cybersecurity development plan Part I:
As soon as the cybersecurity manager has a firm understanding of the structure of the company and the current security liabilities, the next step is to create an effective cybersecurity development plan. This plan will provide a blueprint of actions to help them move forward in securing the company’s data.
Cybersecurity development plan Part II:
When the cybersecurity manager has created a solid cybersecurity plan, after meeting with department heads and senior executives, putting together a current assessment of risks, and identifying compliance issues, he comes away with a detailed to-do list that can move the company forward on security. The work is not done, though.
Cybersecurity development plan Part III:
Because every move the cybersecurity manager makes must be supported by resources, the topic of funding is never very far from a cybersecurity manager’s mind. They will want to get to know the most powerful person in finance, the CFO, or chief financial officer. CFOs have tremendous influence over how effective a cybersecurity manager can be in her job.
Protect IT infrastructure Part I:
Companies must protect IT infrastructure, including cloud services, internally maintained servers and related equipment, computers, and other internal and external networking resources. From a security point of view, IT infrastructure used to be like a medieval castle with a wall around it and one big gate for entry and exit.
Risk Part II:
Securing a budget is one of the most important goals for the cybersecurity manager, but the numbers will be meaningless if the company doesn’t understand the risks the cybersecurity plan seeks to mitigate. Almost anything the cybersecurity manager wants to get done requires them to demonstrate an authentic risk.
Risk Part III:
Risk management is a practice, a profession, and a bit of a science. It also has measurable, real-life effects. What Is Risk? The basic formula of risk says that it is the probability that something unwanted will happen multiplied by its total impacts.
The Cyber Security Manager part I:
The ideal situation: a newly hired cybersecurity manager reports for duty and, on his or her first day, is presented with a set of specific expectations and detailed objectives for cybersecurity set forth in a clearly written cybersecurity plan.
The Cyber Security Manager part II:
A good cybersecurity manager must understand both the organisational structure and the power structure of the organisation they work in. This is essential. If the cybersecurity manager doesn’t know who makes the final decisions, who controls the money, and who the key influencers are, it will be difficult to be effective in the cybersecurity manager role.
Cybersecurity Management is the process of assessing and managing the risks associated with your organization’s cybersecurity vulnerabilities. To achieve security assurance, cybersecurity management is an organisation’s capability to use a range of controls, strategies, processes, and social approaches to protect its information-processing systems and assets. Today’s information-intensive and fast-paced environment shapes how organisations use assets and use these