Secure360

Successful cybersecurity needs to be business-driven

April 13, 2015 by Patrick Hayes


As the number and level of potential attacks, breaches and dangers to companies’ vital information increase, it’s imperative that every organization have an effective cybersecurity program in place. Yet, to some companies, designing and implementing security measures capable of reacting to any real or perceived threat at any point in time seems like an impossible task.

It is challenging, but it can be done.

To do so, you need to focus on more than just technology or simply meeting compliance. To truly safeguard your organization, you must develop and implement an evolving and comprehensive “business-driven” security program: one that fully integrates your security requirements with your overall business goals and objectives.

One of the reasons security fails is that organizations lack an understanding of their overall business needs and level of risk. As a result, companies will either install just enough security measures to meet regulatory compliance, or they’ll overinvest in technology to detect every new threat the national media reports without verifying whether those threats will actually affect them.

The problem with just being compliant is it may not leave you fully protected. Compliance standards are good starting points for what regulated organizations should do, but they don’t take into consideration the new cyber-threats unleashed every year. On the opposite end, adding complex and restrictive technology at every possible entry point can limit employee performance and customer access by forcing them to weave through a gauntlet of overly strict security controls.

So what’s the solution?

Adopting a business-driven approach will help your organization prioritize exactly where you need to invest in cybersecurity. A vital element of implementing this approach is the use of an Enterprise Security Architecture (ESA) framework, such as the Sherwood Applied Business Security Architecture (SABSA). An ESA provides a foundation for IT and cybersecurity personnel, especially CIOs and CISOs, to be more involved in business objectives and decisions.

Too many organizations struggle with the communication of risk and security investment. By understanding your company’s objectives, your most important assets, and your levels of risk tolerance, security professionals can provide valuable insight into determining where you need security most and how to implement it more effectively. At the very least, this helps provide a dialogue to determine which security initiatives get funded and which do not, as well as the associated risks of not funding.

ESA is a key differentiator from existing security practices. It not only helps you make intelligent risk-based decisions at every level; in most cases, it also offers a more cost-effective solution. Instead of plugging every security gap with technology and hoping for the best, you only need to purchase and install devices at verified locations within your network.

Businesses without an effective enterprise security program and a clear understanding of their information security priorities are exposed to a number of critical risks. Risks include disruption or loss of revenue; damage to reputation and public confidence; unauthorized access to information; identity theft; unavailability of business-critical information; loss of physical assets; and possibly a threat to personnel safety.

Effective security operations require an integrated business-driven security architecture. Although ESA doesn’t provide a concrete technical tool with which to counter advanced persistent threats or zero-day attacks, it does provide a critical tool to identify assets of value to your organization, as well as your most vulnerable points. Security services can then be tailored to your environment to address more sophisticated and complex threat scenarios.

For more information on Enterprise Security Architecture and business-driven security, download our white paper.

Filed Under: Guest Posts

About Patrick Hayes

Patrick Hayes is managing director for Seccuris Inc., a leading information security consulting, risk management, and managed security services firm serving North America since 1999. He is a seasoned business leader with over 20 years of experience in information technology strategy. Patrick is a certified Enterprise Security Architect and PCI-DSS QSA. During the course of his career, he has operated in several key senior technology and operation roles with IBM, Allstream and IC Group. Contact him through LinkedIn or at the Seccuris website.
