Unfortunately, the topics of IT security and now Cyber Security are still very much a misunderstood “black art” with a mostly technical focus.
When asked “do you think you are secure?” most CEOs and CFOs have no idea, and pin their faith in “security experts” who usually work in a mysterious silo, use language no-one understands and often avoid any oversight.
The truth is that while it is important to maintain a safe technology environment, most security issues have more to do with people and process than with technology.
Even “high-tech” technology “attacks” play on vulnerabilities caused by sloppy behaviour or financial temptations. Security can only be achieved if we educate and manage people to take care within a culture that stresses the risks we face and the disciplines we need to apply.
We focus on the 80% of security improvement that everyone else fails to tackle:
- Helping executive management treat information / cyber security from a business perspective
- Guiding the adoption of good management practices
- Educating everyone who isn’t a “security expert” to appreciate the risks and dos and don’ts
- Making sure security managers are directed and overseen to deliver business value
- Governance of Information Security
- Implementing the NIST® Cybersecurity Framework using COBIT®5
- Cybersecurity Baseline Workshop