Security is the responsibility of the entire organization, including employees and third parties. It should be part of an organization's DNA, with every action having a security consideration.
Wayne Scarano, CISSP, CCSK, SABSA
SGA Cyber Security, Inc.
Organization needs and risk management drive security decisions. Information flows up to executives, and policies and decisions flow down the hierarchy. The board of directors and executive management foster a security culture – one with security baked in at all levels. All employees should participate and contribute. This security culture has an equal mix of the right people, policies, and technology. Security is a business enabler, allowing the organization to safely meet its needs.
In this security culture, the board and CxOs will ask “Are we resilient? Are we managing risks effectively? Are we reducing vulnerabilities, detecting exploits, and responding effectively to minimize the impact of a breach? Are we ensuring critical data are not compromised while maintaining operations? Are we compliant?”
Poor communications, lack of leadership, and lack of board oversight are barriers to effective incident response, according to a Ponemon Institute report. The report concludes that "senior executives want greater involvement and oversight." Executive involvement and oversight are critical to creating and maintaining an effective security culture.
Security as an afterthought is a bolt-on, ad hoc approach that introduces complexity. Complexity is the enemy of security. Organizations, computers, and the Internet were not designed with security in mind; therefore, they are vulnerable to many forms of attack. Security by design allows an organization to be resilient and to adapt to business and technological changes more securely.
Foster an integrated, well-designed security culture to effectively mitigate risks, gain competitive advantage, and lower costs.
The original article on LinkedIn Pulse can be found here.