You have just put to the board the reasons the firm needs to improve its IT security. The board has given you consent to investigate the options and report back.
Presenting a rational analysis of the options to the Board, and successfully implementing your recommended option, will be a coup; but failure to gain the trust of the board could result in further inaction, or the task being handed to someone else. So, what should you do?
- Recognise that you won’t be able to stop everything
- Monitor to ensure that you can detect malicious activity
- Rehearse your incident response
Prevention used to be enough, but organisations now need a layered approach to IT security: one that uses threat intelligence to prevent badness from getting onto your network in the first place. Since you won’t be able to stop everything, you also need a solution that monitors your environment, so that you can detect malicious activity in good time and extinguish it.
As a last line of defence, your approach should include rehearsing your incident response plans, so that you can respond effectively to security incidents and minimise their impact on your business.
- Step 1 – Understand and document an assessment of the firm’s cyber security risk
- Step 2 – Obtain board agreement on a strategy for managing cyber risk
- Step 3 – Define and prioritise your business requirements
- Step 4 – Identify and analyse advanced monitoring solution options
- Step 5 – Define the solution
- Step 6 – Select the right company