Page 96 - Cyber Warnings
P. 96
The king of objections: the typical objections to deploying
security
Balancing the corporate strategy with the need for information security
controls
by: Corey Wilburn
There is a disturbing trend when it comes to security. We tend to think that only the big
brands that are constantly hit with the types of breaches that color the headlines are at risk.
That is the fallacy of security, “if I’m not a big brand I can afford to skimp on security, since our
organization too obscure to be a target.”
From the IT lab to the board room we need to rethink how individuals go about assessing risk
and what the actual risks are for the organization.
Of course, the Board and C-level are interested in costs, but it’s important to enable people to
take risk and move from a conversation focused on budgets and technology and also consider
risk mitigation and business strategy.
When speaking to colleagues in the field, some common elements come up in conversations.
Luckily many people “get it”. There are still some outliers in the mist, that will make, what
appear to be reasonable (at the time) assessments.
Bottom-lines, budgets, cost, and ROI – are all valid business justifications for determining
acceptable risk thresholds in an organization, and basing decisions on what is considered a
good security investment vs a bad security investment.
Assessing risk and mitigating controls to ascertain the true value of an investment takes a bit of
operational overhead if it is not already a component of the business culture.
With the prevalence of cybercrime, every organization must assess its risks thoroughly:
1. Take it from the top:
Start your assessment from the examination of what your senior leadership hopes to
accomplish in the long term. Ensure that the assets moving you toward that objective are
secure.
96 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
