In today’s highly connected world, new cyberthreats and risks emerge seemingly every hour, around the clock. Whether it is from spearphishing, a distributed denial-of-service attack or a targeted piece of malware, connecting your organization’s systems and workstations to the internet always opens up the possibility of a cyberattack.
Unfortunately, cybercrime is becoming a very rewarding business for hackers, which means cyber risk should be a focus of every organization, public and private. Failing to address it means the loss of money, brand reputation, trust, and customer, employee or proprietary data, if not all of the above. Based on a February 2018 report from the White House Council of Economic Advisers, the United States economy lost between $57 billion and $109 billion due to cyberattacks in 2016 alone.
While nothing can fully prevent an organization from falling victim to a cyberattack, a strong cybersecurity governance model composed of policies that outline system-use and enterprise standards, expectations and rules can help to dramatically mitigate the risk of one occurring and wreaking havoc across your network.
However, just as the cyber threat constantly evolves, so too should the policies that make up the foundation of your cybersecurity program. But when is the right time to update your policies and who should be involved in that process? This article will lay out the role that cybersecurity policies play in your security program, summarize industry best practices on when policies should be reviewed and identify key organizational roles and responsibilities that should be involved in maintaining their relevance.
The role of cybersecurity policies
Cybersecurity policies outline the rules for how your organization’s workforce, third parties, partners, customers and other end users can use and access your information technology resources and the data that is stored in and traverses your network.
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Patrick Mallory. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/PgGJNthm95c/