Cyber Security Today, Dec. 29, 2023 – Get cracking on your cybersecurity strategic plan


Get cracking on your cybersecurity strategic plan.

Welcome to Cyber Security Today. It’s Friday, December 29th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


This is my last podcast for 2023. I’m sure this being the last regular workday of the year another report of a data breach isn’t on your mind. So I want to take a few minutes to encourage cybersecurity managers to set some time aside during the long weekend — or even next week when the pace of things will hopefully be slow — to think about your organization’s formal cybersecurity strategy. Not just your patching policy or your plan to refresh software and hardware, but the overall strategy.

Working piecemeal on cybersecurity won’t make your firm better able to withstand attacks.

If you already have a strategic cybersecurity plan, it probably needs the annual honing. So for this episode I want to focus on those of you that don’t have a formal plan.

This isn’t a matter of outlining a few points on a piece of paper by yourself. Or after a meeting with the security or IT team. You can’t create a strategic plan without knowing what cyber risks the business is willing to accept. So to start, plan on scheduling a meeting with your organization’s leaders. Learn what the organization needs, and then their IT needs. And then ask management what level of risk it’s willing to accept for operations. Management also has to set corporate security policies, such as the acceptable use of company-owned devices and who on staff needs extra security login protection such as multifactor authentication.

From there the broad strokes of the plan can be outlined. Is one day of downtime acceptable? Are a couple of hours acceptable? Is only five minutes of downtime acceptable? Remember there will be different performance demands for different applications. Once you understand the business risks, you can delve into the IT side: Inventory the organization’s hardware and software and then do a risk assessment of each component. Design security controls — or get replacement technology — to blunt the vulnerabilities. The strategic plan has to include the corporate security policies set by management, identity and access control management, data management, a backup and recovery plan and a plan for security awareness training.

It also has to include an incident response plan. Some outlines for creating cybersecurity strategies leave this to the last. I think it should be first: After all, 30 seconds after hearing (or reading) this podcast you may be warned your organization is under attack. A good incident response plan starts with choosing who will be on the IR team, creating a contact list and building a response playbook to deal with eventualities your organization will likely face.

Finally, the cybersecurity strategic plan has to be approved by management — and reviewed annually.

I’ve shortened the process — hey, the long weekend is beckoning. But there are lots of articles online that go into greater detail. One of your IT providers may have resources. I relied in part on the book Security Battleground, An Executive Field Manual by Intel Press.

Finally, I want to thank audio producers Don Naylor, James Roy and Miadori Nagai for making me sound good, editor Lynn Greiner for catching mistakes I make in my copy before news stories are posted on our website, and publisher Jim Love for his support.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. My next podcast will be Wednesday, January 3rd. Between now and then I’ll post breaking news at 

The post Cyber Security Today, Dec. 29, 2023 – Get cracking on your cybersecurity strategic plan first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

