LinkedIn Qn: Assessing Needs for Cyber Cecurity

By -

LinkedIn Post

Today on LinkedIn I was asked a relevant question about Assessing Needs for cyber security:

"Begin by evaluating your current cybersecurity skill set against industry standards and the specific demands of your IS environment. Identify areas where you lag behind and need improvement. This might include knowledge of recent threats, mastery of new security software, or understanding advanced cyber defence strategies. Once you've pinpointed your skill gaps, you can create a targeted plan to address them, ensuring that your efforts are focused and effective.

I found myself looking at all the answers professionals had posted and as one would expect they were all very relevant, but I thought they were lacking one crucial element, so I started posting my answer/comment, I had unfortunately run out of space so I've posted the full comment below:

All of the standard answers to the question of assessing cyber security needs:

 - Reviewing the risks against your current IS environment, checking for developments aired by industry leaders and training are all extremely relevant, very important and "common sense" at the end of the day, especially if you want to try and stay ahead of the curve.

However, I believe we all get caught up in the monster of a machine that security and technology create and forget the simple but huge risk that can be made by not communicating with the key stakeholders in the business being assessed.

Skills gaps are always going to exist in an ever-changing environment. 
Time is finite, and I think it's detrimental to focus on upskilling on something you don't know will be relevant over risks you don't know exist.

It's extremely important to keep your finger on the pulse of the business and have a relationship with all stakeholders about how the business is running and where it might be heading. People are generally the weakest security point when everything else is running smoothly. 

We all have days when we need that extra coffee or the boss is rushing you to do something last minute that they have forgotten they needed, shifting your focus and putting more pressure on your day...
Or alternatively, there's a process or system that's not working well "anymore" in the business,  it's creating pressure and someone's investigating a new system (which the security team aren't aware of), or even worse shadow IT is already in play.

Cyber Security is a high-pressure environment, partly from the pace of technology, adversaries and the extent of risk to a business but like technology, our thirst for wanting to know what the "latest and greatest" is adds more pressure and strain to what truly needs to be assessed.

I say if you're meeting the essential 8, monitor your assets with their associated risks and keep apprised of the Government and the bigger public alerts, your focus should be on the larger risks from the insider. These can only be understood and assessed through relationships and internal communication.

Keep your ears open and your finger on the pulse so you can close the risk gap before you don't know it doesn't exist...

Cyber Security - The People Aspect


Comments

Post a Comment

Popular posts from this blog

Stay COVID Meeting Safe

By -
I've had a number of people asking me recently about using recently popularised Apps due to COVID-19 in personal situations. In my personal opinion, I would steer away from both Zoom and Houseparty in particular, use something that is tried and tested like Messenger , Hangouts , Facetime or WhatsApp and ensure they're up to date as the latter two have also had hacking issues in the past due to people not updating after identified security breaches. Both Apps are very popular at the moment and have had security and privacy concerns raised. Houseparty has been reviewed by security experts which have said: "it's probably safe". It has safe security options but it is up to the end-user to implement them correctly. Having said that if you read the fine print Houseparty uses your personal data and advertising as their income (nothing is free), there have been reports of users having their login details for Netflix and Spotify accounts compromised but these ar
Read more

COVID-19 Coronavirus v Technology Path

By -
It's surprising what can instill business remodeling and push for changes in technology or an increase in an uptake. COVID-19 has had an extreme impact in our daily routines and has pushed towards a working from home in ways that would have taken years to become the norm.  Don't get me wrong we've been on our way there in the past few years with the developments onto cloud and SAAS solutions; on-line tools, integrations and deliveries; ICQ to Skype to a plethora of communication solutions. In the company I work for/with I've had to roll out a solution we've has available in a SAAS group but never pushed on as it was a convenience solution in place of face-to-face meetings primarily used for FIFO (fly-in-fly-out) clients that might have a limited schedule to communicate and not be in a convenient location. However now that COVID-19 had reared its head into the workplace it obviously creates a risk factor for a traditional face-to-face meeting which is quite likely to
Read more

Cyber Security Awareness 002: Understanding PII (Personally Identifiable Information)

By -
Image
PII (Personally Identifiable Information) What is PII and what should I be aware of? What is PII? In terms of Cyber Security PII (Personally Identifiable Information) is any information associated with the target that could be used as potential leverage for an attack against that individual, an associate, or the company they work for as well as any clients and suppliers the business deals with.
Read more