Page 46 - Cyber Defense eMagazine June 2020 Edition

               •  Ensure your organization can recover from security incidents faster and more easily
               •  Justify investments in IT security to the board of directors



            Information Security Steering Committee

            The CISO is supported by a cross-functional Information Security Steering Committee. In order to make
            sure that information security leadership and management extends across the organization, Steering
            Committee members need to include senior representatives of marketing, sales, operations, HR, finance
            and IT. Formal appointment to the Information Security Steering Committee is made by the COO in
            consultation with the CISO.




            Establishing an Information Security Culture

            The effectiveness of an information security program ultimately depends upon the behavior of people.
            Behavior, in turn, depends upon what people know, how they feel, and what their instincts tell them to
            do. While information security policies, an awareness training program and the other required information
            security practices can define, regulate and impart information security knowledge, these rarely have
            significant impact on people’s feelings about their responsibility for securing information, or their deeper
            security instincts. The result is often a gap between the dictates of information security policy and the
            behaviors of our people.



            Develop a risk assessment process

            Risk assessment is an important part of any cybersecurity risk management plan. Keep the following
            points in mind:


               •  Identify all your company's digital assets, including all stored data and intellectual property


               •  Identify all potential cyber threats, both external (hacking, attacks, ransomware, etc.) and internal
                   (accidental file deletion, data theft, malicious current or former employees, etc.)

               •  Identify the impact (financial and otherwise) if any of your assets were to be stolen or damaged


               •  Rank the likelihood of each potential risk occurring












            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.