Strategic tactics are key to a robust Cloud Security Posture Management regime

A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers all possible attack landscapes that can be targeted by malicious parties.

Editor’s note: This is an excerpt from Cybersecurity – Attack and Defense Strategies, Second Edition, a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape.

Cybersecurity is the focal point of most cyber strategies because cyber threats are continuously becoming more advanced as more sophisticated exploit tools and techniques become available to threat actors. Due to these threats, organizations are advised to develop cyber strategies that ensure the protection of their cyber infrastructure from these various threats.

In this article, we introduce how you can build effective cyber defense strategies. Please note, the steps given are meant to help you formulate your own cyber defense strategy and can be customized according to your need.

Understand the Business

The more you know about your business, the better you can secure it. It’s really important to know your organization’s goals and objectives, the people you work with, the industry and its current trends, your business risks, your risk appetite and risk tolerance, and your most valuable assets. Everything we do must reflect the business requirements approved by senior leadership, as ISO 27001 also mandates.

As Sun Tzu said in the 6th Century BC, “If you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”

A strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. In order to develop a strategy, we must first understand the threats and risks that we will be dealing with.

Understand threats and risks

Risk is not easy to define, because the literature uses the word “risk” in many different ways. According to ISO 31000, risk is the “effect of uncertainty on objectives”, where an effect is a positive or negative deviation from what is expected.

The word “risk” combines three elements: it starts with a potential event and then combines its probability with its potential severity. Many risk management courses define risk as: Risk (potential loss) = Threat x Vulnerability x Asset

It’s really important to understand that not every risk is worth mitigating. If the mitigation would cost more than a single occurrence of the loss, or if the risk is not a major one, the risk can be accepted.
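As an added illustration of the two preceding paragraphs (this is not code from the book or its authors), the following Python script scores a small risk register with the course formula Risk = Threat x Vulnerability x Asset and then applies the acceptance rule just described: a risk is accepted when the proposed control would cost more than a single occurrence of the loss, or when the scored risk is below the organisation’s risk appetite. The register entries, the 0.0–1.0 likelihood scales, the currency figures and the `risk_appetite` threshold are all constructed assumptions for the example.

```python
"""Worked risk-treatment example (added illustration, not from the book excerpt).

Scores each register entry with Risk = Threat x Vulnerability x Asset and
applies the acceptance rule from the text: accept the risk when mitigating it
would cost more than one occurrence of the loss, or when the scored risk falls
below the organisation's appetite. All values below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskEntry:
    name: str
    threat: float           # likelihood that the threat event occurs, 0.0-1.0 (assumed scale)
    vulnerability: float    # likelihood the event succeeds against current controls, 0.0-1.0
    asset_value: float      # loss, in currency units, if the asset is fully compromised
    mitigation_cost: float  # one-off cost of the proposed control


def risk_score(entry: RiskEntry) -> float:
    """Risk (potential loss) = Threat x Vulnerability x Asset."""
    return entry.threat * entry.vulnerability * entry.asset_value


def treatment(entry: RiskEntry, risk_appetite: float) -> str:
    """Return 'accept' or 'mitigate' using the excerpt's rule.

    risk_appetite is the potential-loss figure below which leadership is
    willing to carry a risk untreated (an assumed threshold, not from the text).
    """
    single_occurrence_loss = entry.asset_value
    if entry.mitigation_cost > single_occurrence_loss:
        return "accept"  # the control costs more than the loss it prevents
    if risk_score(entry) < risk_appetite:
        return "accept"  # not a major risk for this organisation
    return "mitigate"


# Constructed sample register; names and numbers are illustrative only.
CONSTRUCTED_REGISTER = [
    RiskEntry("public object-storage bucket with customer exports",
              threat=0.9, vulnerability=0.8, asset_value=500_000, mitigation_cost=2_000),
    RiskEntry("unpatched test VM holding no data",
              threat=0.6, vulnerability=0.9, asset_value=5_000, mitigation_cost=1_000),
    RiskEntry("legacy printer firmware",
              threat=0.2, vulnerability=0.5, asset_value=3_000, mitigation_cost=15_000),
]


def build_plan(register, risk_appetite: float):
    """Return (name, score, decision) rows, highest scored risk first."""
    rows = [(e.name, round(risk_score(e), 2), treatment(e, risk_appetite)) for e in register]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for name, score, decision in build_plan(CONSTRUCTED_REGISTER, risk_appetite=10_000):
        print(f"{decision:8} {score:>12,.2f}  {name}")
```

With the constructed figures the exposed bucket (score 360,000) is the only entry that is treated; the test VM scores 2,700 and falls under the assumed appetite, and the printer is accepted because the 15,000 control exceeds the 3,000 the asset could lose in a single incident.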

Document

As in everything else, documentation is really important and is a key aspect of every strategy. Whether it concerns risk treatment or assuring business continuity, documentation plays a critical role. Documenting the cyber strategy ensures efficiency, consistency, and peace of mind for everyone involved. Documentation helps to establish standardization between processes and ensures everyone in your organization is working the same way towards the same outcome.

The following illustration shows what good cyber strategy documentation should look like:

A good strategy document should state what the strategy is and why it’s needed. It has to be clear and easy to understand. It should highlight any urgency together with mitigation options, the benefits of each option, and how each is going to address the business issues.

Having the cyber strategy documented makes it easier to align with the business strategy and with the business drivers and goals. Once this alignment is in place, you can build the technical aspects and the cyber transformation plan to become more cyber safe.

About the Authors. Yuri Diogenes is a Senior Program Manager at C+AI Security and a Professor at EC-Council University.

Dr. Erdal Ozkaya focuses on securing cyberspace and sharing his real-life skills as a security adviser, speaker, lecturer, and author.


Brian Pereira

Sr. Executive Editor - CIO.Inc. | ISC2 & EC-Council cybersecurity certified l Aviation Enthusiast | Visiting Faculty | Moderator

4 years ago

Dr. Ozkaya - This is a well written essay! The quote from Sun Tzu got me thinking. Leaders like Napoleon won battles because they knew the enemy and how the enemy thought. So they could plan their next move and be ahead of the enemy. In the cybersecurity world, security leaders need to think like hackers and bad actors. Where would they strike next? What are they after? If you know that, you would secure those assets and close those back-doors in advance. When creating a cybersecurity strategy one also needs to include external entities like partners, customers, suppliers -- because their networks are linked to yours. A weakness in their network will eventually impact your network. --Brian Pereira Principal Editor CISO MAG
