Cyber-crime is largely a crime of opportunity. Just as a burglar cases the neighborhood looking for easy pickings, cyber-criminals case the Internet looking for victims who make it easier to steal from them or from the companies they lead or belong to.
By adhering to the Security Trifecta® and implementing a proactive cyber security strategy based on Governance, Technology and Vigilance, you stop looking like low-hanging fruit.
The Security Trifecta in brief:
Governance Documentation: The foundation for what we do is based upon the written word. We collectively, collaboratively and cooperatively establish standards that are based upon philosophy, legal requirements, best practices, and regulatory demands.
Technological Enforcement: Once governance documentation has been established, we set about implementing and enforcing those standards as much as possible through the use of technology. Some technology implementations allow the end user to exercise greater choice and control, whereas others strictly enforce our standards, taking the human choice element out of the mixture.
Vigilant Teamwork: The reality is that nothing works very well without teamwork. Controls and standards break down without careful tending, just as weeds take over our gardens without vigilance. We must regularly review our security standards to validate their relevancy, and we will remain agile, adapting to the changing business landscape and putting carefully considered revisions to our ongoing security program into practice.
The Security Trifecta is an effective and logical approach to information security that I developed over the course of my career. The interesting thing is that the conceptual approach may also be applied to any other business process, making it formidable to say the least.
By using a risk management approach, you identify what matters most to your business, which vulnerabilities and threats to those business assets you need to consider, and what gaps exist in governance and technology, and you establish a plan to eliminate those risks. All of this makes you a far less tempting target and less like low-hanging fruit!
I’m passionate about making a difference, and that starts with helping you and your company. Please consider my company, Lazarus Alliance, for IT risk, IT audit and compliance, and IT governance.