A cyber security strategy is your logical starting point if you want to up your cyber risk management game beyond the basics. The strategy will present your aims and rationale, and set the scope – in terms of organisation, systems and people.
The strategy will also state which principles, standards and/or frameworks you will adopt to guide you. There are many available, so it’s important to work out the most suitable and relevant.
Committing suitably qualified and experienced people to develop your strategy is key, as is determining the correct levels of governance. Board-level sponsorship is critical to a successful cyber security strategy – without it, you will struggle to secure and maintain the resources and visibility needed to implement, sustain and improve your cyber security posture over the medium to long term.
Giving cyber risk management clear structure and a high profile through a cyber security strategy paves the way for you to make more informed decisions for your organisation. It will give you the tools to balance competing requirements and efficiently create the right level of protection.
Taking the time to select the right support resources will save you time and money by avoiding confusion and duplication. And appointing the right people – with the space and tools to do the job – will ensure your strategy is implemented in a timely and efficient manner.
Getting your cyber security strategy in shape can also help you feel more confident about taking advantage of technological advances. Trends such as cloud computing, social media and BYOD (bring your own device) offer operational advantages and cost savings – with a good strategy, you will be ready to take them on.
Having worked with organisations of all shapes and sizes over the years, Ascentor understands how to help transition to a more sophisticated approach to cyber risk management and cyber security in general. We can help you to set a cyber security strategy with realistic goals and appropriate resources.
We have assessed many approaches to cyber security, including those put forward by international organisations, often as an extension to existing standards or methodologies. We have selected three widely available options that can be tailored to suit any organisation: the US National Institute of Standards and Technology (NIST) Cybersecurity Framework; the Center for Internet Security (CIS) Top 20 Critical Security Controls; and the Cybersecurity Capability Maturity Model (C2M2).
We are also familiar with all the relevant standards, schemes and models that may be mandatory or desirable to prove credentials and comply with contractual obligations. These include ISO 27001, PAS 1192-5, List X, List N and Cyber Essentials, to name a few. We can advise on which will offer the most value to your organisation.