https://community.isc2.org/t5/Governance-Risk-Compliance/How-are-Cybersecurity-professionals-forming-their-strategy/m-p/48055#M527 <P>A couple of key items to consider in developing a cybersecurity strategy.&nbsp;</P><P>&nbsp;</P><P>1. Are you following a cybersecurity framework that best aligns to the mission of your business? ISO 27001, NIST or NIST CSF?&nbsp;</P><P>&nbsp;</P><P>2. Do you have a current, accurate and complete IT asset inventory (including OS, firmware, and applications)?&nbsp;</P><P>A current topology diagram that not only depicts the IT architecture but also the flow of information to and from the organization.&nbsp;</P><P>&nbsp;</P><P>3. Do you have a full understanding of the business's mission critical functions? And the business's future objectives and goals? What areas is the business willing to accept / manage risks.&nbsp;</P><P>&nbsp;</P><P>Having this information, will give you a high overview of the "as-is" status and good start towards organizing a "to-be" status and importantly resourcing a&nbsp; cybersecurity strategy.&nbsp;</P><P>&nbsp;</P><P>Hope this helps. All the best.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 26 Oct 2021 16:01:55 GMT JWG_60 2021-10-26T16:01:55Z https://community.isc2.org/t5/Governance-Risk-Compliance/How-are-Cybersecurity-professionals-forming-their-strategy/m-p/47921#M509 <P>Hi,</P><P>&nbsp;</P><P>How are Cybersecurity professionals forming their strategy?</P><P>&nbsp;</P><P>It makes a lot of sense to follow lessons learnt, and to have objectives that can be met.</P><P>The same issues are clear in other defence avenues.</P><P><BR />We're constantly suffering from being behind and not being able to proactively stop new attacks.</P><P>Our strategy needs to put us in the driving seat and do better than just reacting.</P><P>&nbsp;</P><P>An article i read on military defence listed four aspects of that strategy and in Cybersecurity terms they could look like this:&nbsp;<FONT color="#FFFFFF">&nbsp;<FONT size="1 2 3 4 5 6 7"><A href="https://192168ll.red/" target="_blank" rel="noopener"><SPAN><SPAN>192.168.l.l</SPAN></SPAN></A> <A href="https://routerlogin.red/" target="_blank" rel="noopener"><SPAN><SPAN>routerlogin</SPAN></SPAN></A> <A href="https://19216801.cc/" target="_blank" rel="noopener"><SPAN><SPAN>192.168.0.1</SPAN></SPAN></A> </FONT></FONT></P><P>&nbsp;</P><UL><LI>Firstly, we need complete freedom of action, and support from the board and senior management.</LI><LI>Second, we should be capable of being on top of most known threats due to protective measures.</LI><LI>Third we should have a good picture of what is happening around us</LI></UL><P><BR />With the first three we should be superior to other systems when applying countermeasures.</P><P>&nbsp;</P><P>It would be good to exchange views on strategy choices and see how objectives are going to be met.</P> Thu, 04 Nov 2021 03:42:57 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/How-are-Cybersecurity-professionals-forming-their-strategy/m-p/47921#M509 wolnqp 2021-11-04T03:42:57Z https://community.isc2.org/t5/Governance-Risk-Compliance/How-are-Cybersecurity-professionals-forming-their-strategy/m-p/47928#M510 <P>If your query is about countermeasure to technical attacks, assuming that you have the basic security practices in place Mitre ATT&amp;CK would be a good place to start.</P><P>&nbsp;</P> Mon, 18 Oct 2021 07:21:39 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/How-are-Cybersecurity-professionals-forming-their-strategy/m-p/47928#M510 Steve-Wilme 2021-10-18T07:21:39Z https://community.isc2.org/t5/Governance-Risk-Compliance/How-are-Cybersecurity-professionals-forming-their-strategy/m-p/48055#M527 <P>A couple of key items to consider in developing a cybersecurity strategy.&nbsp;</P><P>&nbsp;</P><P>1. Are you following a cybersecurity framework that best aligns to the mission of your business? ISO 27001, NIST or NIST CSF?&nbsp;</P><P>&nbsp;</P><P>2. Do you have a current, accurate and complete IT asset inventory (including OS, firmware, and applications)?&nbsp;</P><P>A current topology diagram that not only depicts the IT architecture but also the flow of information to and from the organization.&nbsp;</P><P>&nbsp;</P><P>3. Do you have a full understanding of the business's mission critical functions? And the business's future objectives and goals? What areas is the business willing to accept / manage risks.&nbsp;</P><P>&nbsp;</P><P>Having this information, will give you a high overview of the "as-is" status and good start towards organizing a "to-be" status and importantly resourcing a&nbsp; cybersecurity strategy.&nbsp;</P><P>&nbsp;</P><P>Hope this helps. All the best.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 26 Oct 2021 16:01:55 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/How-are-Cybersecurity-professionals-forming-their-strategy/m-p/48055#M527 JWG_60 2021-10-26T16:01:55Z