Jason Polancich suggests applying successful business practices to your cybersecurity strategy.
Today, unfortunately, cyberdefense is treated mostly as a set of tactics -- hardware, software, and personnel all engaged in a technical exercise of pushing buttons and pulling levers -- which is a short-view approach. Long-term cyber resiliency is built on solid processes and strategy made possible by a formal and diligent data-collection and analysis function -- just as organizations treat threats to sales, financial, product development, or marketing strategies.
Borrowing from Jack Welch, this strategy should start with top management laying out the mission to provide focus to your cybersecurity strategy.
- Who are you and what do you provide?
- How is that product or service delivered?
- What do you have that’s most attractive to cyber criminals?
- What are your exposures and where?
- What multiple parts of your business can be most impacted by cyberthreats?
- How can these threats affect the company’s customers, your products, or your ideas and trade secrets?
Answering these questions will define for everyone what is most important. This can drive security decision-making across the entire organization.