WHY IS A HOLISTIC VIEW BETTER FOR CYBER MATURITY - NUMBER 7
Data security is one of the fundamental bits when considering security and access controls, data must be treated with respect, some of the data hold won't even be yours.
Your customer, partner and employees are stakeholders here and they want you to take it seriously, it also helps maintain your reputation as a organisation that cares.
In my opinion there are right and wrong ways to approach this obligation, I have tried to be clear, without using jargon, on some of the considerations that are exploring
Key takeaways:
- What is it and why is it important and how it works? - A scenario.
- Considerations when approaching data security to save you time and money
WHY IS A HOLISTIC VIEW BETTER FOR CYBER MATURITY - NUMBER 6
Identity & Access Control (and management) is vital in a world where networks feel less resilient to compromise.
You could argue that more funding for the bad guys and more reliance on "off the shelf" network devices and control tools by the good guys, contribute to this. but staged identity validation can help reduce the impact of what is now considered to be an inevitable event.
Key takeaways:
- What is it and why is it important?
- How it works? - A physical scenario.
- Considerations when implementing and managing it.
WHY IS A HOLISTIC VIEW BETTER FOR CYBER MATURITY - NUMBER 5
Whilst some may consider policy, process & procedure a little dry, there is no doubting their importance to the smooth, efficient and secure running of an organisation. getting this bit right will unlock your business, getting it wrong, well...
So here is the fifth one in the series - Policy, Process & Procedures
Key takeaways:
- What are they and why are they important?
- Why creation of poor policy or process has a flow down impact?
- Considerations when creating, changing or implementing policy, process and procedures
WHY IS A HOLISTIC VIEW BETTER FOR CYBER MATURITY - NUMBER 4
OMG! Why is supply chain management so hard?
Yeah it is, but employing a huge dose of pragmatism and a proportionate approach to supplier assurance will help you.
So here is the fourth one in the series - Key takeaways:
- Why is supply chain risk management critical
- How can you do it without destroying your margin and compromising the operational continuity of your organisation
- What you should consider when employing a supplier
- How should you apply obligations without scaring the horses
WHY IS A HOLISTIC VIEW BETTER FOR CYBER MATURITY - NUMBER 3
We are humans, we like tangilble things but not everything is that way, take data. Data is sometimes intangible, but its an asset and requires management in the same way as a device or a staff member requires management.
We tackle this topic as well as others relating to the third NCSC CAF principle - Asset Management.
The document tries to summarise why asset management is important and why management should be proportionate to the assets criticality
WHY IS A HOLISTIC VIEW BETTER FOR CYBER MATURITY - NUMBER 2
Sometimes I think that we as an industry treat cyber as a bit of a point exercise, I see many individuals and organisations that treat it this way -
The thing is I don’t think cyber security and therefore business resilience can be dealt with like that.
This time we tackle the second NCSC CAF principle - Risk Management.
This is a vital step in the maturity chain, it's outcome will define the journey to cyber maturity in your organisation. agree or disagree with the opinion presented, but don't avoid.
Observations from a CISO - Cyber Maturity in the Private Equity industry
At ThirtyNine Cyber we are full of opinions, however there are some people you should never let loose on an unsuspecting public...
We love a bit of controversy however, so we let Gareth out of the box marked “CISO, open when you need an honest view point” (not necessarily a popular one).
He wants to do more of these, BTW, so strap in!
WHY IS A HOLISTIC VIEW BETTER FOR CYBER MATURITY - NUMBER 1
Sometimes I think that we as an industry treat cyber as a bit of a point exercise, I see many individuals and organisations that treat it this way -
The thing is I don’t think cyber security and therefore business resilience can be dealt with like that.
To test that view we have begun a series of opinion pieces that tackle the cyber subject in the way a framework would do. like NIST or NCSC’s CAF.
Have a read and if you agree say so if not also say so. its an opinion, opinions exist to be challenged.
ASSESSMENT VALUE - The "So What?" Question.
I see lots of solid cyber companies offering cyber maturity/compliance/risk assessments and the range of frameworks. The frameworks they leverage is large - but haven't we missed the point? “oh, we use. the [NAME OF FRAMEWORK]” ... So what!
THE ASSESSMENT FRAMEWORK IS INCIDENTAL
Yeah, sure it’s important to conduct an assessment - it’s what we do after all but it’s more important that the assessment has purpose, an outcome, that is actionable and moves the assessed organisation forward positively and proportionately. . .
©Copyright. All rights reserved.
We need your consent to load the translations
We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.