Intelligent CISO Issue 03 | Page 78

decrypting myths

Understand your risk profile

The risk profile outlines a company’s known risks, policies and practices to guide how far you need to go and are willing to go to safeguard your assets and data. The most basic approach to understanding your risk profile is to conduct an information-gathering exercise and rely on internal resources. A more professional alternative that produces more extensive insights is to hire a consultant or solution provider to conduct an external audit of your processes and infrastructure.

Prepare an incident response plan

In case of a cyberattack, organisations must have an incident response plan to tackle the issue at hand effectively. The basic goals would involve the creation of a team that has clearly defined roles and responsibilities. It would also be important to prepare basic rules and instructions in advance which must be followed to minimise damage. And, in order for information to flow in a timely and organised manner, organisations must ensure that the right communication is shared at the most appropriate time across stakeholders including employees, supply chain, customers, etc., to keep them abreast of the situation in hand as well as the corrective measures underway.

Minimise downtime

Data is critical – it’s the engine of any business activity – and its role and importance must therefore be placed at a very high level within the organisation. Its safety and security should play an integral role in the overall management strategy. The objective of any IT team at the time of a cyberattack is to ensure that there is business continuity and the delivery of ongoing services. However, there must also be strong consideration by the CEO and directors on a legal platform to ensure that their shareholders are not at risk.

Therefore, minimising downtime during an attack is central and can be dealt with by having the right business continuity and disaster recovery plans in place.

Develop a roadmap of your current security factors and prepare for future needs by bridging the gap with clearly defined objectives to be met within each growth phase.

Remain proactive

Timely skills upgrades are very relevant in today’s changing cybersecurity environment. Training and communication must be provided on a