decrypting myths
Understand your risk profile
The risk profile outlines a company’s
known risks, policies and practices to
guide how far you need to go and are
willing to go to safeguard your assets
and data. The most basic approach
to understand your risk profile is to
conduct an information gathering
exercise and rely on internal resources.
A more professional alternative that
produces more extensive insights is to
hire a consultant or solution provider
to conduct an external audit of your
processes and infrastructure.
Prepare an incident response plan
In case of a cyberattack, organisations
must have an incident response plan to
tackle the issue at hand effectively. The
basic goals would involve the creation
of a team that has clearly defined roles
and responsibilities. It would also be
important to prepare basic rules and
instructions in advance which must be
followed to minimise damage.
And, so that information reaches
people in a timely and organised
manner, organisations must ensure
that the right communication is shared
at the most appropriate time across
stakeholders, including employees,
supply chain, customers, etc., to
keep them abreast of the situation at
hand as well as of the corrective
measures underway.
Minimise downtime
Data is critical – it’s the engine of any
business activity – and its role and
importance therefore must be placed at
a very high level within the organisation.
Its safety and security should play an
integral role in the overall management
strategy. The objective of any IT team
in the time of a cyberattack is to
ensure that there is business continuity
and the delivery of ongoing services.
However, there must also be a strong
consideration by the CEO and directors
on a legal platform to ensure that their
shareholders are not at risk.
Therefore, minimising downtime during
an attack is central and can be dealt
with by having the right business
continuity and disaster recovery plans
in place.

Develop a roadmap of your
current security factors and
prepare for future needs by
bridging the gap with clearly
defined objectives to be met
within each growth phase.

Remain proactive
Timely skills upgrades are very
relevant in today’s changing
cybersecurity environment. Training and
communication must be provided on a
Issue 03 | www.intelligentciso.com