Home » Security Bloggers Network » Cybersecurity Is (Still) Everyone’s Job

Cybersecurity Is (Still) Everyone’s Job

As noted previously—and as we all know—an organization cannot be secure until the entire workforce is engaged in reducing cyber risks. Each member of the group has the power to harm or to help, since each one has access to information systems, handles sensitive data and makes decisions every day which maintain, erode or strengthen the human “attack surface” of the organization.

But most employees lack the interest or knowledge to contribute positively to the organization’s security.

To address this shortcoming, a recently-published guidebook, Cybersecurity is Everyone’s Job, provides guidelines for everyone in an organization to do their part with helpful tips and references to demystify their role in cybersecurity and—more importantly—give them practical and effective actions to take.

A publication of the Workforce Management subgroup of the National Initiative for Cybersecurity Education (NICE), these guidelines reflect the input of numerous experts from government, industry and academia. Intended for the non-technical audience, the guidelines are written in practical, plain-language terms with the intention of arming the reader with specific things to do.

Most importantly, the guidebook tackles the common misperception that cybersecurity is a technology problem looking for a technology solution… that if we could only fix a glitch or install a product, the problem would go away. Rather, it reinforces the understanding that cyber-risks are an enterprise-wide challenge requiring a cross-functional, interdisciplinary response across all parts of the organization.

A key feature of this publication is that guidelines are organized by common business functions with which any reader will be familiar.

The seven business functions are presented as:

• Leadership, Planning and Governance
• Sales, Marketing and Communications
• Facilities, Physical Systems and Operations
• Finance and Administration
• Human Resources
• Legal and Compliance
• Information Technology

Each section includes a brief description of the business function along with a list of (Read more...)