DailyPost 362
CYBER SECURITY MANAGEMENT
The world has gone hyper on the technology part of cyber security not realising the fact that finally it has to be brought in the fold of a management framework to deliver . Being in a business enterprise & still being out of it certainly does not deliver goods. Cyber Security teams fail to communicate with the senior leadership & which in return fails to articulate cyber security strategy to the technical Cybersecurity personnel. This is the beginning of the challenge.
Cyber Security is no longer a simple technical solution, its management has become the business function of today’s industry. As a business function, greater integration with the other business units is must on the platform of greater levels of transparency & a mandated performance reporting. Cybersecurity today also remains undefined in business terms. The contention that the Cybersecurity management program is too technical & should be left on its own does not hold ground.
Though the Cybersecurity world feels it’s not feasible to create a universal Cybersecurity management framework to address all countries, industries & states, yet the reality it is otherwise. Analysis of commonalities indicate that it can happen . It should happen in everybody’s interest. It should not be made unduly technical, which impedes its implementation & operationalization.
This management matrix would be dependent on three criticals of 1) Executive Management (Strategy)Pillar, 2) Operations Pillar and 3) Tactical (Technology) Pillar. This has to be broken down for the purposes of implementation convenience. Broadly, it can be broken down into 40 elements.
Reaching Cybersecurity maturity level would be journey. Given the nature of challenge, the journey ought to start forthwith. Security Policy would neatly indicate the endpoints. Cybersecurity professionals will have to delineate the journey. Herein, lies their success & their utility.
ONLY CYBER SECURITY MANAGEMENT CAN PROVIDE DIRECTION TO OUR EFFORTS.
Sanjay Sahay