Governance
Whether at home or work, we all experience a person or group making sure that rules are made and not broken so that the things we need to do get done. Cyber security has a similar requirement, which we call ‘Governance’. It covers everything from strategy to budget, data protection to taking card payments and is the ‘wrapper of comfort’ most management needs to ensure the cogs are turning as they need to.
In a bit more detail:
Governance ensures your organisation does the right thing at all levels. It outlines sponsorship, clear lines of accountability, ensures risks are adequately mitigated and assures that cybersecurity strategies all work together in the best interest of your business.
Here are 4 quick wins to start you on your cyber-health journey to improve in governance:
Make someone accountable for cyber security in your company
Like other areas within your business, whether it is finance, sales etc, your company should nominate an individual who is responsible for cyber security.
This individual is responsible for providing the direction and ensuring that the right things are being done to keep the business safe.
Some simple steps you can take to make someone accountable are:
- Nominate someone within your company who has an interest in cyber security, but at a level where they are also accountable
- Provide cyber related training for your nominated individual
- Set up communication channels between your nominated individual and your senior management
Know your legislative obligations and meet them
Most businesses have legal obligations to meet, be it adhering to privacy regulation or more stringent ones such as financial regulations. It is important to know and understand how to meet the regulations that affect your business.
Some simple steps you can take to meet your legislative obligations are:
- Research your industry and official guidance to draw up a list of regulations your business needs to adhere to. Join industry forums with like-minded businesses
- Map out the regulations and how your business will meet them; this may be through a blend of process and technology
- Bring in outside help where expertise is needed
Understand where you are today and have a roadmap to where you need to be
To increase your cyber-health your business should identify its goals and where it needs to be. This involves understanding where you are today and what you need to reach your goals.
Some simple steps you can take to build your cyber security roadmap are:
- Decide what areas you would like to improve on that are important to protecting your business
- Build a picture of where you are now in your chosen areas of improvement
- Decide where you want to be and use your starting point to set your route, then embark on a series of projects to address each area
Put some budget aside for cyber security activities
Just as looking after your own health takes time, effort and investment, improving your cyber-health requires a similar investment of time, effort, resource and budget.
To ensure that your business can improve its cyber-health, you will need to put aside budget to meet your goals.
Some simple steps you can take to budget for your security activities are:
- Using your roadmap, work with the business and vendors to understand the cost of any products you may need to buy, such as EDR, secure transfer services etc
- Decide whether your business has the internal skills and resources needed to carry out the improvement or if you could benefit from external skills (i.e., consultancy)
- With the above in mind, work out what sort of budget you need to put aside to improve your cyber-health