CYBERSECURITY IS A Business Issue
Agenda Business Goals People, Processes, & Technology Cybersecurity Program
Source: BREACHLEVELINDEX.COM
Copyright © 2019 Risk Based Security, Inc. All rights reserved.
Business Goals Does your organization have defined business goals? Does your organization have defined goals for managing cyber risks? Does you organization have a strategic plan for achieving the defined cyber goals?
Cybersecurity Program Tell me about your organization’s Cybersecurity Program. Technology alone will not adequately protect your organization
It’s Not Rocket Science, but… A robust strategy includes addressing the basics 100% of the time. Covering the basics is not impossible, but does require a focused effort. The strategy will consist of an integration of people, processes, and technology.
Vulnerability Management
Stages of vulnerability management: Discover Prioritize Scan/Assess Report Remediate Verify
Cybersecurity Program A cybersecurity program provides a holistic view of the actions needed to achieve sound cybersecurity management across the enterprise.
Cybersecurity Program Framework A framework establishes a life cycle approach for developing and maintaining a comprehensive cybersecurity program. Cybersecurity is not a one-time task or project with a defined completion date.
Cybersecurity Program Success Factors
Critical factors to ensure that your program is positioned for success: Executive Management Support Business Goals and Objectives Alignment Strong Governance Structure Sound Security Standards & Frameworks Defined Roles and Responsibilities Shared Ownership
Cybersecurity Program Management
“I think that in any group activity – whether it be business, sports, or family – there has to be leadership or it won’t be successful.” – John Wooden
“There are risks and costs to action “There are risks and costs to action. But they are far less than the long range risks of comfortable inaction.” – John F. Kennedy