According to the Security Industry Association’s (SIA’s) Cybersecurity Advisory Board, there are five key steps to initiating an enterprise cybersecurity strategy. These recommendations can help you identify areas where more targeted research may be needed within your business and provide a starting point for developing a comprehensive cybersecurity strategy to mitigate cybersecurity risk.
- Decide who is in charge of information security: Whether it’s a single point of contact, team or department, there must be a leading voice within the enterprise for cybersecurity. Additionally, ensure that information security is a mandate from the operational head, not just the security department, and that it’s measurable and enforceable.
- Determine organizational risk following a prescribed order: An organization must first identify its critical assets, then the threats to those assets and their vulnerabilities, and only then quantify risk.
- Implement a comprehensive security framework based on a combination of the probability of cyber-risk realization, asset value and resources available for mitigation efforts.
- Promote security as a culture through policies, monitoring, processes, tools and training.
- Obtain legal and financial assurances.
You can learn more in the full recommendations document created by the SIA Cybersecurity Advisory Board. These executive-level recommendations are intended to drive discussion within your organization.