{"id":238073,"date":"2022-04-26T12:50:00","date_gmt":"2022-04-26T12:50:00","guid":{"rendered":"https:\/\/www.seekingfire.com\/?p=238073"},"modified":"2022-05-05T00:55:36","modified_gmt":"2022-05-05T00:55:36","slug":"the-four-stages-of-cybersecurity-program-development-part-one","status":"publish","type":"post","link":"https:\/\/www.seekingfire.com\/business\/the-four-stages-of-cybersecurity-program-development-part-one\/","title":{"rendered":"The four stages of cybersecurity program development \u2014 part one"},"content":{"rendered":"\n
We’ve said it before, and we’ll repeat it again; in some ways, cybersecurity is in permanent beta. The threats and challenges are constantly evolving, and no organization, institution or business is 100% secure forever. Cybersecurity is never really ‘finished.’ It’s an ongoing process with important milestones along the way. You can\u2019t order it in a pre-packaged box online, it takes time and effort to develop a program specific to your needs.<\/p>\n\n\n\n
With that said, security program development (i.e. creating a cybersecurity posture for your distinct needs) typically follows four key phases for most organizations, each one building on the last. Over the coming months, we’ll be crafting a blog post specific to each stage. We’re looking at the initial stage, or the foundational phase, for this post.<\/p>\n\n\n\n
Every small to medium-sized business presents its own set of challenges and opportunities. Business owners are often pulled in a wide variety of different directions daily. For many, developing a robust cybersecurity posture is relatively low on the priority list. It isn’t that these business owners don’t care about securing their intellectual property or their customers’ data, but rather, they’re rushed off their feet and don’t really know where to begin. It’s something that they’ll get to next week when things settle down a bit (FYI – this rarely happens! Just saying).<\/p>\n\n\n\n
In this environment, businesses often grow with ad hoc IT and little in the way of proper IT management. If this sounds familiar, you’re not alone. We work with many organizations and have seen it all over the years. So if you’re in this boat, where do you start?<\/p>\n\n\n\n
While it might not seem to be directly security-related, implementing some common formal IT management best practices goes a long way towards improving overall security posture. An excellent place to begin is by developing an inventory of critical IT and information assets. What are you working with, and what are your essential information assets \u2014 i.e. what do you need to function?<\/p>\n\n\n\n
Once that is done, the next step involves documenting all IT operational procedures. The ‘what happens if I get hit by a bus next week?’ backup plan. Granted, it isn’t a nice thing to think about, so let’s put it another way \u2014 what happens if you want to take a vacation to the Bahamas? Better to document those procedures so you can easily onboard new team members and also have a good handle on your information technology policies and procedures.<\/p>\n\n\n\n