Cybersecurity has changed more in the last five years than it did in the ten years before that. Cyberattacks are constantly changing and evolving, but cybersecurity professionals must have structure and strategy; without structure and a plan, they will continue aimlessly in their pursuit of protecting the organizations they serve.
All this change is chaos and disorder, a new form of fear, uncertainty, and doubt (FUD), one that, although backed by facts, lacks direction or a documented strategy.
If it is so difficult for us to document our cyber assets and identify those assets that have an impact on our organization's revenue, how in the world are we going to do anything about the threats we face?
We can’t; it’s that simple. And any CISO call to arms that suggests we can is a stopgap measure, a call to disillusionment and ultimate disaster, because our stopgaps are not solutions.
Fortunately, there are tools to assist us with strategy development and implementation; ISO 27001 and the NIST Cybersecurity Framework (CSF) are two examples of such tools. Having a solid cybersecurity framework in place and mapped to other standards or frameworks will help you deal with emerging regulations and protect your organization in a pragmatic manner that supports the organization’s mission, vision, and services.
Author: Dr. Bill Souza | Apr 29, 2022