14, 2017

5 Fundamental Steps for Cyber Security

Every business connected to a network is a data-rich target for cybercriminals. “Ransomware,” a term rarely heard of until a few years ago, is now a daily threat. IoT hacking, DDoS attacks, and internal threats are all a reality today as well, so the job of IT security teams is never complete. And as cyber threats and attack methods evolve, so must the way businesses think about IT security.

Michal Zanga, formerly of the Royal Bank of Scotland, stresses that having a cyber security policy document in place is the first step in protecting business data and other digital assets from malicious actors. “You have to start with a policy in place,” says Zanga, “and it has to be comprehensive across the organization.” But the policy is just that: a first step in a series of actions IT teams and businesses must commit to and stay on top of.

The whitepaper CISO Best Practices: The Starting Point for Cyber Security, available to members of Consortium, is based on the premise that, at some stage, all networks will face attacks that expose flaws in the system. On top of building a stakeholder-approved policy document, the article covers four additional steps IT teams should take in order to be prepared for when the attack happens. These additional steps include:

  • Assuming you will be breached and developing a response plan.
  • Using external parties to test the system and obtain valuable, independent assessment data on how to strengthen current and future security posture.
  • Addressing the internal and external channels, including those that may come from stakeholders and employees.
  • Planning ahead and instituting a system for promptly addressing ongoing changes.

Join Consortium today to get access to the full article along with other information that will help keep your data, digital assets, and business brand secure.

01, 2017

Developing, Implementing and Maintaining a Data Loss Prevention (DLP) System

A data loss prevention (DLP) program ensures sensitive and critical data is not sent outside the corporate network in an unauthorized manner. Unfortunately, many organizations rely on a software-only approach to monitor and control the flow of data, resulting in large gaps that leave room for internal and external threats to damage business assets. Though technology plays an important role in any effective DLP program, it's only one component. Corporate governance, team resources, and processes also need to be established in order to maximize security within the DLP framework.

Developing a business-wide DLP program requires IT to create and conduct a detailed risk assessment. The results from the risk assessment inform the CISO and other corporate stakeholders on how to proceed in implementing a DLP program. The next step of the risk assessment stage, classification of breaches, requires CISOs to identify the type of incidents that lead to data loss. This stage also identifies which internal and external groups are most likely to trigger a data loss event. The final step for the CISO is to index which departments need to be involved as part of the DLP response plan.

After risk assessment planning, the real work begins. Implementation and monitoring, resolving challenges, DLP program sustainability, and network versus endpoint choices are just some of the challenges CISOs face when keeping corporate data safe.

Join Consortium today to get access to the full Best Practices white paper. Inside, you'll see how one CISO successfully deployed a DLP solution along with the lessons he learned along the way.
