Cyber Security Today, Dec. 29, 2023 – Get cracking on your cybersecurity strategic plan


Get cracking on your cybersecurity strategic plan.

Welcome to Cyber Security Today. It’s Friday, December 29th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


This is my last podcast for 2023. I’m sure, this being the last regular workday of the year, another report of a data breach isn’t on your mind. So I want to take a few minutes to encourage cybersecurity managers to set some time aside during the long weekend — or even next week when the pace of things will hopefully be slow — to think about your organization’s formal cybersecurity strategy. Not just your patching policy or your plan to refresh software and hardware, but the overall strategy.

Working piecemeal on cybersecurity won’t make your firm better able to withstand attacks.

If you already have a strategic cybersecurity plan, it probably needs the annual honing. So for this episode I want to focus on those of you that don’t have a formal plan.

This isn’t a matter of outlining a few points on a piece of paper by yourself. Or after a meeting with the security or IT team. You can’t create a strategic plan without knowing what cyber risks the business is willing to accept. So to start, plan on scheduling a meeting with your organization’s leaders. Learn what the organization needs, and then their IT needs. And then ask management what level of risk it’s willing to accept for operations. Management also has to set corporate security policies, such as the acceptable use of company-owned devices and who on staff needs extra security login protection such as multifactor authentication.

From there the broad strokes of the plan can be outlined. Is one day of downtime acceptable? Are a couple of hours acceptable? Is only five minutes of downtime acceptable? Remember there will be different performance demands for different applications. Once you understand the business risks, you can delve into the IT side: Inventory the organization’s hardware and software and then do a risk assessment of each component. Design security controls — or get replacement technology — to blunt the vulnerabilities. The strategic plan has to include the corporate security policies set by management, identity and access control management, data management, a backup and recovery plan and a plan for security awareness training.

It also has to include an incident response plan. Some outlines for creating cybersecurity strategies leave this to the last. I think it should be first: After all, 30 seconds after hearing (or reading) this podcast you may be warned your organization is under attack. A good incident response plan starts with choosing who will be on the IR team, creating a contact list and building a response playbook to deal with eventualities your organization will likely face.

Finally, the cybersecurity strategic plan has to be approved by management — and reviewed annually.

I’ve shortened the process — hey, the long weekend is beckoning. But there are lots of articles online that go into greater detail. One of your IT providers may have resources. I relied in part on the book Security Battleground, An Executive Field Manual by Intel Press.

Finally, I want to thank audio producers Don Naylor, James Roy and Miadori Nagai for making me sound good, ITWorldCanada.com editor Lynn Greiner for catching mistakes I make in my copy before news stories are posted on our website, and publisher Jim Love for his support.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. My next podcast will be Wednesday, January 3rd. Between now and then I’ll post breaking news at ITWorldCanada.com. 

The post Cyber Security Today, Dec. 29, 2023 – Get cracking on your cybersecurity strategic plan first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
