
Viewing Cybersecurity as a Business Enabler Versus a Money Pit



A data breach can cause a loss of revenue, destroy shareholder value, erode consumer trust and even open you up to legal consequences, whereas better security can add value to a company by preventing attacks, detecting breaches faster and mitigating the damage caused by cyber threats. The Ponemon Institute’s 2016 Cost of Data Breach Study estimates that the average consolidated total cost of a data breach is $4 million; so why do we still view cybersecurity simply as an operating cost?

Unfortunately, cybersecurity is often viewed as the organization that always says no versus the organization that makes the business go. Cybersecurity professionals deal with many paradoxes; for example, information, software and infrastructure need to be secure yet usable, yet usability is often viewed as being negatively impacted by the security measures taken. No organization gets a pass when it comes to risk, so it is paramount that organizations conduct ongoing risk analysis. Fleshing out the impacts and probability of identified risks is essential; however, at the end of the day, organizations are going to have to accept some degree of risk. The only other option is to close the doors and close up shop.

Organizations that have no understanding of their risks are operating in the dark. Businesses must assess their risks and determine their appetite for accepting the various risks required to support their business model. With all the technological advances and the seemingly ever-broadening attack surface, the valuation of information assets is still foundational to any cybersecurity program. When you're placing a value on your information, you must gauge what the loss or modification of your information would mean to the organization and its stakeholders. Things like cyber value at risk and cybersecurity insurance to help recover from a data breach are business enablement considerations. Perhaps the most important factor in seeing cybersecurity as a business enabler versus a money pit is communication between the CISO and the C-suite. The CISO must be able to effectively communicate the investments in cyber in business terms. We can't accomplish this by going down a path of technobabble; rather, we must put cybersecurity into business enablement terms that resonate with the C-suite.

By David Shearer, CISSP
CEO of (ISC)²

[(ISC)² Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
