Friday, May 13, 2016

IMPORTANCE OF CYBER SECURITY


THE IMPORTANCE OF CYBER SECURITY WITHIN YOUR ORGANIZATION

Information Availability & Security

by Ted Brown

You know that Cyber Security is an important Business Continuity Planning (BCP)/COOP issue, but like everything else in the BCP/COOP world, unless you get buy-in across the board, Cyber Security policies and procedures will be ignored.

As the world becomes increasingly interconnected, Business Continuity/COOP professionals must pay more attention to the security of their organization’s connections. It seems like every week there are new headlines about hackers bringing an organization to its knees. The stolen funds, bad publicity, and embarrassing revelations are front-page news. How can you protect your organization from these issues? The best protection is to implement plans and procedures. And the best way to demonstrate the need for those procedures is to perform a Cyber Security audit and implement the resulting recommendations.

Cyber Security Audit

A Cyber Security audit can be performed internally, but it is almost impossible to effectively audit yourself. Sending a clear Request for Proposal (RFP) to potential audit suppliers will move the process forward quickly.

An outside cyber security audit should cover the following areas:

Your organization – your IT infrastructure, basic organization details

The RFP process – selection criteria, timeline, submission guidelines, supplier qualifications (especially independent certifications)

Inventory of Software – both authorized and unauthorized. Software concerns are similar to device concerns.

Verification of best practices for secure configurations of laptops, workstations, and mobile devices.

Internal security software assessment – you have purchased anti-virus, anti-malware, and other software for protection. Are they functioning correctly?

Assess if your current data backup and recovery policies allow you to recover from a major breach

Assess administrative privilege controls

Assess your incident response capability

Deliverables – type of reports, discussions, training, remediation details, etc.

Work with your IT department to ensure that implementing the resulting recommendations will make your organization more secure. Like most criminals, hackers look for easy targets. If your organization has easy-to-exploit security issues, hackers will dive right in. If your organization implements the resulting recommendations, hackers will become frustrated and move on to the next easy mark.


DEVELOPING CYBER SECURITY PLANS AND PROCEDURES ALLIES

Educate the decision makers – the lack of Cyber Security often has serious consequences.

Recruiting Allies

Other departments within the organization also have Cyber Security concerns. Below is a partial list of departments that may be interested in becoming allies on the Cyber Security issue:

Information Technology – This department may see Cyber Security as only an IT issue. They may welcome the support of additional departments and would be willing to be the lead department during the implementation. You must engage with this department since they will be needed to implement many of the resulting recommendations.

Finance – This department is one of the main beneficiaries of a Cyber Security audit. Engage them by talking about how a Cyber Security audit is insurance that protects the organization’s assets.

Security – Not all breaches are about money or data. Sometimes breaches are about creating access to the organization’s facilities or threatening employees.

Legal and Compliance – Approach this department with contract and other legal exposures, and they should be willing to assist.

Conclusion

A Cyber Security audit is a great investment and improves your organization. It works best when you have the support of several internal departments, especially IT.

By MDODO REBECCA J (42614)
