Cyber Security Governance

Develop a secure foundation upon which your organization will thrive

Aquia Solutions | Cyber Security Governance

Over the last several years many organizations, large and small, have suffered major security breaches. Evolving technology enables ever more resourceful cyber crime, which forces organizations to revisit their corporate structure and make cyber security governance an integral part of their risk posture.

What is Cyber Security Governance?

Cyber Security Governance is a framework that provides a structured and measurable approach to aligning security strategy with business strategy. It is a distinct discipline within Information Technology that focuses on developing and maintaining the four "P's" of security: Products, Processes, Policies, and People.

Products
Technology that stores, exchanges, or processes data was not always designed with security in mind, and often still isn't. The more heavily an organization relies on such technology, the more it needs continual evaluation.
Processes
Methods of handling data that were acceptable yesterday can be harmful today. It is vital to secure how data is processed as it moves across systems.
Policies
Technologies and cyber threats evolve, so relying on outdated policies only harms the organization. The policies an organization adheres to must be flexible and kept up to date.
People
Humans are unfortunately the weakest link in cyber security and readily fall prey to social engineering attacks. They require continual and intensive training to identify and remediate security issues.

Complying with security requirements is not an easy task. Here is a small sample of active and enforceable regulations:

  • GDPR – General Data Protection Regulation (adopted 2016, in force 2018)
  • CCPA – California Consumer Privacy Act (2018)
  • Privacy Shield – EU/US Privacy Shield (2016; invalidated by the CJEU in July 2020 and succeeded by the EU-US Data Privacy Framework in 2023)
  • SOX – Sarbanes-Oxley Act (2002)
  • COPPA – Children's Online Privacy Protection Act (enacted 1998; FTC rule effective 2000)
  • GLBA – Gramm-Leach-Bliley Act (1999)
  • FDA 21 CFR Part 11 – Food and Drug Administration rule on electronic records and electronic signatures (1997)
  • HIPAA – Health Insurance Portability and Accountability Act (1996)
  • ECPA – Electronic Communications Privacy Act (1986)
  • SCA – Stored Communications Act (Title II of ECPA, 1986), alongside the Wiretap Act (1968, as amended by ECPA)
  • FPA – Federal Privacy Act (1974)
  • FTC Act – Federal Trade Commission Act, Section 5 (1914)

Some, if not all, of these regulations apply to your business. And yes, the FTC can and will sue your business under Section 5 of the Federal Trade Commission Act of 1914 for inadequate data security practices (FTC v. Wyndham Worldwide Corporation, 3d Cir. 2015).

What does cyber security governance policy involve?

Isn't Cyber Security Governance the same as IT Governance? If your IT Governance program includes an effective cyber security component, then yes. An effective Cyber Security Governance program should specialize in these six distinct areas:

Strategy and Planning
Address evolving security conditions by collaborating across the organization so that cyber security standards and policies are applied consistently.
Budget and Acquisition
Involve security personnel in the acquisition approval process and make cyber security a budget priority for every department.
Risk Identification and Mitigation
Establish risk management standards and policies, and include departmental working groups in the risk identification and mitigation process.
Incident Response (Cyber Resilience)
Define an incident response plan that sets out authority and responsibility, including mechanisms for escalating incidents between departments and the security team.
Information Sharing
Build trusted relationships to share cyber information (e.g., cyber threat indicators, cyber risk mitigation strategies) across the public and private sectors.
Workforce and Education
Leverage a range of cyber security education and organizational training programs to build a culture of information security.

Your leadership should own the organizational security program. If you have an IT leader, talk with them to gain a better understanding of how your organization's Cyber Security Governance program is set up.

And if, after having that conversation, you realize that your organization doesn't have a Cyber Security Governance program, or feel that your current program should be modernized, then it's time to consider looking outside for help.
