We understand the specialized markets in which you operate and provide tailored solutions to meet your unique business needs.
Our comprehensive suite of business services combines industry expertise, market knowledge and professional insights.
MNP is a leading national accounting, tax and business consulting firm in Canada.
Suite 2000, 330 5th Ave. S.W.
Submit an RFP
MNP careers are Different by Design. As an entrepreneurial firm, we truly believe there are no limits to where your career can go.
Sociologist Abraham Maslow popularized the idea that human needs form a pyramid. For those unfamiliar, his model begins with basic physiological requirements (e.g. food, water, shelter, etc.) at the bottom, and rises progressively through safety, love and belonging, self-esteem and, ultimately, self-actualization at the top.
According to this theory, a person cannot ‘level-up’ to the next category until they’ve satisfied the requirements of the previous level. For example, it will be impossible for someone to pursue financial stability or look for housing in a crime-free neighbourhood if they don’t know where their next meal will come from.
Maslow’ Pyramid, it turns out, also happens to be a great analogy for how a business can build the framework for an effective cyber security program – at least on a basic level.
Consider that every cyber security strategy requires three different emphasis areas.
Technology concentrates on the software and hardware a business uses to operate, along with the software and hardware the cyber security team utilizes to protect against potential threats.
Operations comprises the people, policies, training and communications initiatives which flow through the organization.
strategy includes the vision, goals and initiatives dictated by business leaders to protect the organization from historical, existing and emerging cyber security threats.
These emphases exist on a continuum, with each subsequent focus becoming increasingly important as the cyber security program evolves. For example, a technology focus is an important part of the process – especially in the initial stages – but it’s easy to get stuck here. Many companies will benefit from recognizing when they’re “good enough” at one level, so they can shift their attention (and investment) to moving up to the next level.
Let’s walk through the levels one at a time.
Specific, practical and actionable, this 20-part framework outlines clear instructions IT professionals can follow to protect their technology and network infrastructure from potential threats.
Various regulatory and certification bodies publish broadly accepted (and generally expected) compliance standards which – when met – ensure competency in information security.
Shifting from broad security concerns to more specific industry or organizational concerns, this level begins to evaluate what a business specifically wants to get out of their cyber security initiatives. Questions around budgeting and specific investments begin to emerge.
An evolution of the previous step, this focuses on tying cyber security practices to specific business objectives (e.g. paying payroll on time, protecting proprietary information, etc.) as well as targeting budget dollars to continuous cyber security improvements.
Ultimately the business’ cyber security strategy will fold seamlessly into its overall strategic plan. This questions how various aspects of the company’s mission, vision and goals will cause cyber security exposure and how the cyber security program can support the business in achieving short- and long-term objectives.
Like people, every organization will be at various places on the cyber security pyramid. That’s expected and that’s okay.
The key takeaway here is to take an objective view and accept where the business is at. This may be a simplified approach, but it can be helpful to gain an understanding of the technological, operational and strategic requirements to build an effective and sustainable cyber security program.
NOTE: For those who are familiar with Capability Maturity Models, the hierarchy is not meant to replace or compete with such approaches. This is another – highly generalized – way to visualize how organizational cyber security will evolve over time.
To learn more about how MNP can help you build an effective cyber security strategy, contact Jason Murray at 647.333.6241 or [email protected]
Related Topics:Cyber Security
Suite 2000, 330 5th Ave. S.W.
Find an office near me