Once you Know Yourself and Know Your Enemy you will have a common operating picture of your cyber security that includes technology, systems and people. At this point you and your organization can determine an operational plan and tactical steps to reinforce its cyber protection leveraging both technology and appropriate procedures.
It is important to adopt a philosophy prior to addressing the details. Concentrate on proactive monitoring and assessment.
We believe that this means fixing your vulnerabilities and managing the incidents that will occur if and when these are exploited. Vulnerabilities are not primarily technical. Nearly all incidents that result from information security failures are the product of human actions. These could be deliberate, but are much more likely to be accidental.
Therefore think about the processes that you need to put in place to limit the damage that can be caused by employees, contractors and those who use your information systems. This means implementing policies and procedures that are meaningful, understandable and easy to use. Training and awareness on these should be quick, simple and repeated as often as necessary. But make sure that you can demonstrate baseline understanding and the improvement that takes place as a result of training programs. Reward success and understand the reasons for failure.
The approach and services we provide for optimizing your Cyber Security includes:
1. Security Policy
2. Organizational Security
3. Asset Classification & Control
4. Information Classification
5. Physical and Environmental Security
6. Communications and Operations Management
7. User Access Management
8. Systems Development and Maintenance
9. Business Continuity Management
10. Training (review, develop, refresh)
11. Compliance
More in our Cyber Security Practice:
If you enjoyed this article, please consider sharing it!
