wolnqp
Viewer

How are Cybersecurity professionals forming their strategy?

Hi,

 

How are Cybersecurity professionals forming their strategy?

 

It makes a lot of sense to follow lessons learnt, and to have objectives that can be met.

The same issues are clear in other defence avenues.


We're constantly suffering from being behind and not being able to proactively stop new attacks.

Our strategy needs to put us in the driving seat and do better than just reacting.

 

An article I read on military defence listed four aspects of that strategy and in Cybersecurity terms they could look like this:

 

  • Firstly, we need complete freedom of action, and support from the board and senior management.
  • Second, we should be capable of being on top of most known threats due to protective measures.
  • Third, we should have a good picture of what is happening around us.


With the first three we should be superior to other systems when applying countermeasures.

 

It would be good to exchange views on strategy choices and see how objectives are going to be met.

2 Replies
Steve-Wilme
Advocate II

If your query is about countermeasures to technical attacks, assuming that you have the basic security practices in place, MITRE ATT&CK would be a good place to start.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
JWG_60
Newcomer I

A couple of key items to consider in developing a cybersecurity strategy. 

 

1. Are you following a cybersecurity framework that best aligns to the mission of your business? ISO 27001, NIST or NIST CSF? 

 

2. Do you have a current, accurate and complete IT asset inventory (including OS, firmware, and applications)? 

A current topology diagram that not only depicts the IT architecture but also the flow of information to and from the organization. 

 

3. Do you have a full understanding of the business's mission critical functions? And the business's future objectives and goals? In what areas is the business willing to accept / manage risks?

 

Having this information will give you a high overview of the "as-is" status and a good start towards organizing a "to-be" status and, importantly, resourcing a cybersecurity strategy.

 

Hope this helps. All the best.