Cyber Security Governance
Aquia Solutions | Cyber Security Governance
Over the last several years many organizations, large and small, have suffered major security breaches. That’s because evolving technology enables evermore resourceful cyber crime, forcing organizations to revamp their corporate structure and make cyber security governance an integral part of their risk posture.
What is Cyber Security Governance?
Cyber Security Governance is a framework that provides a structured and measurable approach to aligning security strategies with business strategies. It is a distinct aspect of Information Technology that focuses on developing and maintaining the 4 "P's" of security: Products, Processes, Policies, and People.
Complying with security requirements is not an easy task. Here is a small sample of active and enforceable regulations:
- GDPR – General Data Protection Regulation (2018)
- CPPA – Consumer Privacy Protection Act (2017)
- EUUS – EU/US Privacy Shield (2016)
- SOX – Sarbanes-Oxley Act (2002)
- COPPA – Children’s Online Privacy Protection Act (2000)
- GLBA – Gramm-Leach-Bliley Act (1999)
- FDA – Food and Drug Administration Regulation (1997)
- HIPAA – Health Insurance Portability and Accountability Act (1996)
- ECPA – Electronic Communications Privacy Act (1986)
- SCA – Stored Communications Act /Wiretap Act (1986)
- FPA – Privacy Act (1974)
- FTC – Federal Trade Commission Act (1914)
You need to understand that some, if not all, of these regulations do apply to your business. And yes, the FTC can and will sue your business under the Federal Trade Commission Act of 1914 for cyber security violations (FTC v. Wyndham Worldwide Corporation).
What does cyber security governance policy involve?
Isn't Cyber Security Governance the same as IT Governance? If your IT Governance program includes an effective cyber security component, then…yes. An effective Cyber Security Governance program should specialize in these 6 distinct areas:
- Strategy and Planning
- Budget and Acquisition
- Risk Identification and Mitigation
- Incident Response (Cyber Resilience)
- Workforce and Education
Your leadership should be empowered to establish an organization-wide security program. If you have an IT leader, talk with them to gain a better understanding of how your organization's Cyber Security Governance program is set up.
And if, after having that conversation, you realize that your organization doesn't have a Cyber Security Governance program, or you feel that your current program should be modernized, then it's time to consider looking outside for help.