CIOReview, November 2017, page 9

security all are impacted when a cyber breach occurs. Any cyber security breach is directly related to financial loss for a company through information, reputational, operational, legal and opportunity loss. Organizations can reduce the risks to their business by building up capabilities in three critical areas: prevention, detection and response.

· Installing fundamental measures, including placing responsibility for dealing with cyber crime within the organization and developing awareness training for key staff.
· Detecting strange patterns in data traffic through monitoring of critical events and incidents and through data mining.
· During an attack, the organization should be able to directly deactivate all technology affected.

When developing a response and recovery plan, an organization should treat cyber security as a continuous improvement process and not as a one-off solution.

Management Role in Cyber Security

Ensuring that the enterprise is sufficiently protected and prepared to deal with a security breach is a vital board duty, making cyber security a practical extension of the board's responsibilities. It is vital for all board members, regardless of technical background, to participate in ensuring the right policies and practices. Senior management should focus on "strategy, policy, and management oversight", which covers everyone from office staff to CXO-level executives and includes training them on cyber security and the organisation's risk management plan.

Key Initiatives for Cyber Security Framework

· Develop Security Policy and Guidelines framework
Develop and launch a suite of cyber security policies and guidelines based on the ISO/IEC 27001 code for Information Security and supported with COBIT, ISO 22301 and ISO 20001 standards. These frameworks and certifications will formally establish the organization's Cyber Security Program and set forth employee responsibility for information protection.
The key benefits are:
· Clear security baselines for all departments
· Policy-based foundation to measure results
· Consistent application of security controls across the enterprise

· Identity and Access Management
A flexible Identity and Access Management system is capable of managing the vast heterogeneity of the business, providing authentication and authorization services to enterprise and departmental IT solutions.
The key benefits are:
· Better security through uniform and repeatable access control processes
· Reduced potential for security breaches and fines due to non-compliance

· Network and System Security Architecture
A tiered security architecture provides the ability to separate resources based on their data, business criticality and function.
The key benefits are:
· Improved security by applying technical safeguards that enforce policies
· Ability to determine high-risk areas and focus security resources

· Cyber Security Awareness Training
Cyber security awareness training serves to inform employees of their responsibilities for protecting the information in their care. To further engage the user community, the security office has to work to develop a variety of information-sharing forums, including electronic and live mediums.

IT SECURITY RESELLERS INSIDE THE ORGANISATION
CRITICAL INFORMATION ASSET FRAMEWORK INITIATIVES

The Cyber Security Office utilizes a methodology that establishes cyber security requirements based on risk assessments.