The year 2017 saw some of the world’s most devastating cyber attacks. Insider threats continue to be the primary reason for such high-profile data breaches year over year.

With the rise of malware as a service, insiders are now more than capable of sabotaging a company’s operations or stealing data to sell on the darknet. Without the right support from management, preventing severe data breaches can become nearly impossible. Malicious insiders paired with increasingly dangerous malware mean that management needs to be actively involved in security.

It is common for management to assume that cyber security is a matter best handled by the IT department or the internal cyber security team. However, this is far from what good cyber security practice means today. Much of this illusion is due to the inherent technical nature of cyber security; the other aspects of people and processes are not emphasized as much.

This article specifically focuses on best management practices to improve the people and process side of cyber security. Let us discuss how organizations of any size can take measures to ensure that their cyber security is top of the line.

Digital Asset Identification

The operational definition of an asset that we use comes from ISO 55000.

According to the ISO standard, an asset is something that has current or potential value to an organization and is under its responsibility.

While ISO 55000 is focused on physical asset management, this definition also applies to digital assets, including data. What makes a “critical asset” goes beyond value; rather, a critical asset is one whose degradation in any way could severely damage the ability of an organization to continue operations.

Data is one of the single most important assets for any organization in today’s world.

However, not all data