Cybersecurity - Combating The Next Decade's Greatest Threat
14 Jan 2021 | Ashwin Nair
Looking to have a perfectly secure organisation is, in principle, aspirational. Security leaders must develop their own model balancing risk appetite with investments to elevate security, taking into account industry vertical, business and operating model, size, maturity, culture and stage of digital transformation.
Successful organisations structure their security organisation based on the five key functions of:
Working with the leadership and mostly the IT, Legal and Strategy teams, this function primarily defines, governs, and measures adherence/performance to security policies. This is done by developing, implementing and maintaining the security strategy and plan, including the policies, procedures, process maps and roles/responsibilities, as well as providing ongoing governance of the programs. The function also ensures compliance with all regulatory, industry, and internal requirements. With all the policies and procedures in place, regular audits become equally important, so performance measurement and monitoring is another key activity of this function. Overall, this function lays the foundation that is critical to having the right security program with leadership oversight.
The Governance, Risk, and Compliance function should partner with the HR and Corporate Training departments to develop and implement an enterprise-wide information security awareness and training program. A cyber awareness and enablement program is responsible for delivering essential knowledge, skills and capabilities for the security teams on an ongoing basis, ensuring an always-on preparedness. With the right level of training and oversight, this continuous skills training should establish a security-first culture across the organisation.
One of the most active and critical functions is cyber defence. The cyber defence organisation deals with proactively protecting and defending the organisation from cyber threats. Some of the core components include Security Architecture and Engineering, Identity and Access Management, Patch Management, Application Security, Network Security, Mobile Security, Cloud Security, and more.
Another critical function in the security organisation, commonly outsourced, is called the Security Operations Center (SOC). SOCs are mostly a centralised unit acting as the first line of defence. The team is responsible for detecting and reporting potential threats and suspicious events. Some of the key activities performed include Threat Intelligence and Management, Continuous Brand Monitoring, Log Management, Vulnerability Management, Alert Ranking and Management, and more.
The speed and method of an incident response are critically important, and may well be the difference between a minor disruption and a major disaster. The respond and recover function deals with quickly discovering an attack, containing the damage, and restoring the integrity of the network and systems. Some of the core activities performed include Incident Response and Management, Business Continuity Management, Disaster Recovery, and Forensic Investigation and Analysis to identify root causes. This function focuses on cyber incident preparedness and crisis management.
With the ever-changing and increasing threat landscape, combined with the lack of skilled resources in the market, having a perfect organisational blueprint for every enterprise is difficult. The security function needs to be flexible, customisable and ready to adapt to the speed of transformation in the market, as well as to plan for the cybersecurity needs of the immediate future. Waiting for things to go wrong before planning and implementing a cybersecurity team is not worth the risk.
Digital14’s cyber transformation and resilience framework (Assess, Transform & Educate, Monitor & Respond) works across the above five key functions to enhance the cybersecurity posture of our clients. Contact us at Digital14.com to learn more about the framework and how we can help prepare your organisation to ensure holistic cybersecurity.