
The four stages of cybersecurity program development — part four

Tillman Hodgson

Welcome to part four of our four-part series on security program development. Our purpose in developing the series is to give organizations a helpful overview of creating a cybersecurity posture. ‘Cybersecurity posture’ is basically just a fancy way of referring to your overall cybersecurity setup/strength.

If you’ve made it to this part in the series, you should have a good understanding of how to develop a healthy cybersecurity setup for your organization. If you haven’t reviewed parts one through three yet, we recommend starting there (part one, part two, part three). In general, there are four key phases to security program development for most organizations; this post reviews phase four, the Improvement stage.

Phase Four of Security Program Development

In business, the bottom line matters. We get that. In this phase, your cybersecurity program goes from merely being ‘deployed’ to something from which your business can extract real value. Not only that, but as the name suggests, this is the phase where you get to measure, review, tweak and improve the program.

So how exactly can your cybersecurity program impact your bottom line?

  • It can reduce your premiums for cybersecurity insurance (which are going up, up and up)
  • It can reduce your downtime and protect your critical assets and intellectual property
  • It can foster consumer trust leading to further opportunities
  • It can ensure your organization is in legal compliance and meeting its obligations

In a way, it’s a little like insurance. You hope it will exist relatively in the background, far from your thoughts. However, if an incident occurs, you’ll be pleased to have the protection your cybersecurity program offers.

Keeping Your Security Program in Fighting Shape

The bad guys rarely take a day off, so neither should your security program. In terms of keeping your program in fighting shape, there are a few things that we recommend:

  • Revisit your objectives at least once a year to ensure that your cybersecurity program remains aligned with your needs and goals.
  • Set measurable objectives for the security program so you can review its success and connect it to your organization’s business objectives.
  • Over the year, measure the effectiveness of your security controls. Depending on the control and the type and size of your business, monthly or quarterly measurement may make sense.
  • Once a year, do an internal audit of your controls.
  • Ensure that the results of the measurements and the internal audit are reviewed by management. Where gaps appear, adjust the security program to address them. This keeps the program aligned with your business requirements and keeps it ‘evergreen’, so that your once-new-and-shiny controls don’t silently stop serving their intended purpose.

Just like a boxer, you want to keep your program primed and in ‘fighting shape.’ You never know when it might be called to the ring for a big bout!

This ongoing work should help keep your program healthy and fit for a long time. But, of course, should you need any help figuring out what might work best for your specific needs, we can help. At SeekingFire Consulting Inc., we work with small to medium-sized organizations across Western Canada on their cybersecurity needs. We offer free consultations to all prospective clients. If you’d like to learn more, please reach out to start the conversation.

Disclaimer

While we have made every effort to present accurate, unbiased and helpful information in this article, please note that it reflects the author’s opinion and is written for the purposes of general knowledge, information and discussion. This article is not intended as legal advice, nor should it be considered as advice specific to your individual data security situation. If you would like to discuss your cybersecurity needs in specific detail, please get in touch with us.
