For Board Level Execs: An enterprise security strategy in three easy stages – part one
Jonathan Wagstaffe, one of our UK & Ireland Cisco Champions from Project Vision, gives us an enterprise security strategy in two blogs – part two to follow
Security threats are at an all-time high, because the stakes are at an all-time high. Ten years ago, the typical cyber-security threat was from an Internet prankster; a smart but misguided teenager, writing code to create nuisance on the Internet and impress their peers.
In the last ten years, the threat has grown exponentially. Now the big threats are from organised criminals, who are either looking to harvest information, or looking to use your systems as tools for their illegal activity – be this crime or terrorism.
The most common conceit, especially in smaller organisations, is to think “we’re too small to be noticed, nobody would want to bother with us”. Don’t kid yourself; the bad guys (the malicious actors, as they are known) use automated systems, and those systems are scanning the Internet looking for vulnerabilities. If your cover isn’t strong, they can be in and out without ever being detected.
The purpose of this piece is not to analyse the threat in great depth. That’s a separate subject for another day. What I want to do is to provide board level execs with an approach to establishing how effective is your organisation’s security policy – via three easy questions.
The recent trend in defending your organisation against cyber threat has been towards Universal Threat Management (UTM); integrated security rather than point solutions. UTM is about having a set of products, policies, and procedures that together provide the right level of security for your organisation. So, how do you go about it?
As a board level exec, you need to ask three questions of whoever is responsible for cyber security in your organisation – be that an internal or external body.
Those three key questions are:
- How will we prevent security breaches
- How will we detect security breaches
- How will we recover from security breaches.
And that’s it. This is by no means a perfect solution – security is a constantly moving challenge. However, you can assess your own organisations readiness today by asking those three questions: prevention, detection, and recovery. So, those are your questions. In part two, we’ll look at some of the things that should appear in the answers.