Building a Cyber Security Program Pt. 2

With the first part of this article series based around the culture and people aspect, next I wanted to tackle another focus area to a Cyber security program. Data classification and governance are pillars of cyber security that can prioritize where and what defenses to have in place. When we think about data classification - what is public? what is confidential? what is internal? Understanding the type of data in products and services or in general for areas of the company can drive how many and what type of controls would be in place. Next, with Governance we look at a combination of inventory and accountability. What is everything the company has with technology? How does new technology get enabled and connected? General questions to scope where potential digital footprint would be. Combining these areas can be instrumental in establishing a risk tolerance level for an organization. These are a few starting points or points to evaluate on in your current cyber security program. Stay tuned for more articles to come. Have a great day and please share this if you got value.