Suited man holding a tablet with a lock graphic spiraling

Cyber Progression: Developing a Focused Approach

April 03, 2019

Cyber Progression: Developing a Focused Approach

Synopsis
4 Minute Read

Strategy and focus are critical for an effective cyber security program. MNP’s Jason Murray explains the role business leaders play in driving a business-oriented approach.

In the most basic sense, cyber security is the practice of protecting information on interconnected computers. Yet it’s easy for organizations to become overwhelmed by the technical minutiae. Usually this happens when they get bogged down in the seemingly random ‘stuff’ they think their cyber security program requires and stuck in a ‘stop all bad things at all costs mentality’.

The problem is almost always a disproportionate emphasis on tactics over strategy. We often hear comments like, “that’s what we’ve always done”, “a vendor recommended it” or, “we heard it was best practice.” And when that crops up, it almost always underscores a lack of context.

While it’s true that implementing and overseeing an effective cyber security program requires specialization and expertise – organizational leaders can still play a pivotal role in steering the direction, goals and culture. In most cases that simply requires stepping back and embracing a shift in perspective.

Controls Focus

Whether they’re worried about compliance, trying to meet regulatory obligations or simply don’t know any different, this is the ‘stuff’ that most leaders find themselves caught up in.

It’s also what’s likely to come to mind when most early-stage organizations think of cyber security.

Controls are the policies, procedures, hardware and software intended to protect an organization against potential threats. They’re useful for detecting incidents, responding to incidents and recovering from breaches. They’re certainly important. But what they don’t reveal is precisely what each control is doing, how it’s protecting the business and how well it’s functioning.

Threats Focus

If there’s one focus to view cyber security through, this would be the most useful. When you understand your threats, the vulnerabilities in your environment and the risk that results, it’s significantly easier to take a calculated approach to protecting your information.

Sometimes a specific control, such as a firewall, is the best way to offset a threat. But in this case, the organization can leverage that control in a calculated and common-sense manner. They know what the limits of the control are, what threats it will and won’t help against.

Process Focus

Cyber security is fluid. New threats emerge all the time. The functionality and effectiveness of existing controls wanes over time. Behaviours shift. A process focus embraces a culture of constant improvement and drives toward program maturity.

Some process-driven questions include: Do existing controls function as intended? Do organizational processes and procedures effectively support the control? What has changed in the business or risk environment to shift our threat exposure?

A Balanced Approach

A business-oriented cyber security program requires the right mix of all three focuses. The goal of leadership is to move the company from any one section of the Venn diagram above toward the middle.

There will be times when the organization needs to shift in one direction or another (i.e. heavy controls focus to achieve compliance in a narrow timeframe). But when an organization is aware of their focus at any given time, it’s easier to recognize the skew and emphasize a threat or process focus to bring things back into balance.

Insights

  • Confidence

    December 01, 2021

    The path to pharmacy ownership : Start-ups and acquisitions

    If you’re looking to make the leap from employee to owner of a pharmacy, consider some practical information on what it takes - from a financial capital, strategy, legal, and tax planning approach.

  • Confidence

    December 01, 2021

    Sealing the leaks: how to create an airtight case

    Disparate and dirty data can significantly slow down forensic investigations. Here’s how digital data reconstruction can help.

  • Confidence

    December 01, 2021

    Designing Compelling and Sustainable Dashboards

    Following a few simple guidelines will increase the odds of designing and building dashboards that are accessible, relevant, and most importantly – used!