News

The 6 Elements Defining a Valid Cybersecurity Strategy

Steve Durbin
Published 15 - August - 2024
Read the full article on Forbes
forbesgovernancepeople

A cybersecurity strategy can be equated to a recipe. Without the right planning and key ingredients, without the right tools and skills, it will be difficult to achieve the desired outcome. Many people concentrate purely on the technical aspects supporting a security strategy; however, the nontechnical (or soft) elements can lead to either success or failure. Let’s unpack the hidden ingredients that compose a strong cybersecurity strategy.

1. Aligning Cybersecurity Strategy With Business Strategy

What does a valid cybersecurity strategy look like? Unfortunately, no single standard or blueprint exists because every organization has its own set of requirements, goals, crown jewels, risk tolerance, skill level and resources. What might work for one business may not work for another. A good security strategy is one that seriously considers the organization’s unique challenges, risks and resources, including its support for the overall business strategy—such as expanding to new markets, introducing new products or retaining customers.

 

2. Maximizing Value From Existing Cybersecurity Investments

Organizations typically deploy anywhere from 45 to 76 different security controls, which can create a false sense of security. Security teams often struggle with alert fatigue, making it difficult to keep track of multiple vendors’ new features and updates. Neglecting to properly monitor and update these tools or failing to use them to their full potential can actually increase risk. Instead of adding more security tools and further complicating the infrastructure, it is advisable for security teams to focus on maximizing the value of their existing investments.

3. Hiring The Right People

Recruit highly skilled leaders who are passionate about their roles. For example, when hiring a support engineer, prioritize individuals who genuinely take pleasure in assisting customers and resolving issues. While technical expertise is essential, it is equally important to value pride and dedication, qualities that cannot be acquired solely through formal education.

Three Resources to help you maximise value from cybersecurity investments

view all of our news articles
Array
event

Unlocking the Business Value of Security

Join Paul Watts for insights into how to accelerate a more positive change in the way security is perceived - unlocking its true potential.

Location Online
Watch on-demand on Unlocking the Business Value of Security
Array
podcast

People in Cyber: Rise of the BISO

Daniel Norman, joins Steve Durbin to discuss the emergence of the BISO role in the security workforce.

Listen Now on People in Cyber: Rise of the BISO
news
Risk

Striking a Balance Between Business Growth, Risk Management, and Cybersecurity

Featured in Security Boulevard, ISF CEO, Steve Durbin shares recommendations on how to balance business growth with risk management.

published 16 - August - 2024
Read More on Striking a Balance Between Business Growth, Risk Management, and Cybersecurity
The 6 Elements Defining a Valid Cybersecurity Strategy
Read the full article on Forbes