User:Shawndouglas/sandbox/sublevel29

From LIMSWiki
Revision as of 18:22, 20 December 2019 by Shawndouglas

6. Closing remarks

Cyber-Security is much more than a matter of IT.
 
- Stéphane Nappo, CISO of Société Générale

After working through this guide, Stéphane Nappo's quote should ring true; there's more to cybersecurity than focusing on information technology and technological expertise. Yes, those remain important elements of the recipe for cybersecurity success, but more ingredients are involved. First, the organization not only needs to want to improve cybersecurity, but it also needs enthusiastic support of that goal from leadership. Without support and encouragement from the higher levels in the form of active participation and financial buy-in, it's difficult to change the organizational culture. Second, the cybersecurity strategy isn't going to simply coalesce; it requires strong project management and a clearly defined plan. Without them, implementation of any cybersecurity measures will be, at best, haphazard and minimally effective. Third, effective communication, training, response, and monitoring plans are required to get full buy-in from personnel and associated third parties, as well as to ensure cyber attacks are held to a minimum and, when they do happen, are addressed rapidly and efficiently. Without those elements, any implemented cybersecurity plan will lack potency over the long term, leaving the organization more prone to cyber attacks and financial consequences.

This guide has hopefully provided you with all the considerations required to develop an effective, living cybersecurity plan for your organization. As part of that development effort, this guide has also addressed the benefits and uses of cybersecurity standards frameworks. The decision of which frameworks to choose isn't to be taken lightly; however, when chosen and implemented well, they have the potential to assist the organization with developing its overall cybersecurity strategy. The frameworks' security control, program development, and risk management elements can help identify gaps between the current system state and the desired system state, as well as gaps in internal expertise, hardware, and policy. Most frameworks are also built on or mapped to other existing standards and frameworks, which have been developed by a broad consensus of interested individuals with expertise in cybersecurity and the fields requiring it. Regulatory bodies have also shaped those standards and frameworks, meaning that the organization that effectively uses cybersecurity standards frameworks in its plan development will be prepared at go-live for conformance to regulations.