Cybersecurity Strategy and Business Management


Having a Cybersecurity Strategy is Essential

Having an effective cybersecurity strategy to protect information assets is a necessity in today's business world.  News stories and alerts appear daily, informing us of yet another threat or data breach that has put the valuable data and security of millions of people at risk.  This endless pressure can lead to paralysis induced by fear, but fear is not a strategy.

As Sun Tzu, author of The Art of War, said, "He who exercises no forethought but makes light of his opponents is sure to be captured by them."  Sadly, the modern business world is often too caught up in a tactical perspective at the expense of a strategic one.  Strategy involves vision, risk management, and an appetite for moving beyond the status quo.

Learn From Those in the Lead of Cybersecurity Strategy

Having accepted the need for action, one need not re-invent the wheel.  A number of organizations that must respond effectively to cyber threats are setting excellent examples.  The Department of Homeland Security (DHS) is one such example.

In its publication, Cybersecurity Strategy, the DHS lays out its plan of battle as a series of goals organized under five pillars:

  1. Risk Identification
  2. Vulnerability Reduction
  3. Threat Reduction
  4. Consequence Mitigation
  5. Enabling Cybersecurity Outcomes

Risk Identification

Identifying the evolving threat landscape through a risk assessment informs an organization of the scope of the problem and of the kind of cybersecurity strategy that must be employed.  Because the nature of cyber attacks is constantly changing, an effective strategy requires continuous monitoring, with the goal of improving existing processes and controls rather than assessing them once and moving on.

Vulnerability Reduction

For the DHS, vulnerability reduction includes denying malicious cyber activity access to systems and maximizing collaboration between stakeholders.  This is an excellent practice for businesses as well.  Employing appropriate policies and working together with all departments, employees, customers, and vendors is an important part of an effective cybersecurity strategy.

Threat Reduction

The DHS seeks to reduce cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.  Such activities, as executed by the DHS, lie well beyond the purview of most companies.  For a business, however, employing effective technical and security controls to protect its information serves the same end: reducing the opportunities an attacker has to cause harm.

Consequence Mitigation

Having a plan for mitigating the effects of a cybersecurity incident is of extreme importance to a business, its vendors, and its customers.  Such responses must be planned for and coordinated across the organization to minimize the damage as quickly as possible.  Because the nature of future incidents is unknown, the strategies developed to address them should be flexible enough to allow adaptive solutions.

Enabling Cybersecurity Outcomes

This pillar is composed of two goals: to support policies and activities that enable improved cybersecurity risk management, and to execute those policies in an integrated and prioritized way.

Examples of enabling outcomes include allocating resources to ensure that cloud systems are properly configured, and ensuring that the software and hardware in use do not add new attack vectors.

ISO 27001 Information Security Management System (ISMS)

Fortunately for businesses that are serious about developing a comprehensive cybersecurity strategy, ISO 27001 puts all of these principles into action.  It incorporates people, processes, and IT systems to coordinate security efforts consistently and cost effectively.  CVG Strategy can help your business develop a cybersecurity strategy that is appropriate to your business goals, culture, and marketplace.

Kevin Gholston