If your Cyber Security is only about technology expertise and watchers inside a Security Operations Center, then you risk the enterprise.   

 

The layers of security across the network, applications, data, cloud, endpoints or IoT constitute a logical means to compartmentalize technology. But the key to your defense is in cyber awareness.   And that's the business of everyone in the company.

​

Cyber security should be on the BoD agenda at every meeting, as an educational opportunity and assurance that the CISO and the cyber professionals are steeped in the business processes of the firm.  Similarly the board should know enough of the cyber lexicon to add extensive value to the conversation.

 

• Is your Cyber Security practice embedded into corporate processes and have you built alliances with Privacy, Legal and HR?

​

• Is your cyber posture proactive and part of the firm's staff education?

​

• Can you articulate your cyber operating model in terms of an executive paradigm, meshing your cyber practices with your business value chain?

 

• Is Cyber Security seamlessly integrated with your governance, risk and compliance functions?

​

Provide an illustrative view of the environment and end-to-end value chain, with cyber protections identified according to those processes.

​

Cyber security isn't just effected due to regulatory mandates only, or only under pain of penalty.   If you care about your customers as most firms say they do, then you are the steward of your and their critical information.