
How are Cybersecurity professionals forming their strategy?





It makes a lot of sense to follow lessons learnt, and to have objectives that can be met.

The same issues are clear in other defence avenues.

We're constantly suffering from being behind and not being able to proactively stop new attacks.

Our strategy needs to put us in the driving seat and do better than just reacting.


An article I read on military defence listed four aspects of that strategy and in Cybersecurity terms they could look like this:


  • Firstly, we need complete freedom of action, and support from the board and senior management.
  • Second, we should be capable of being on top of most known threats due to protective measures.
  • Third, we should have a good picture of what is happening around us.

With the first three we should be superior to other systems when applying countermeasures.


It would be good to exchange views on strategy choices and see how objectives are going to be met.

2 Replies
Advocate II

If your query is about countermeasures to technical attacks, assuming that you have the basic security practices in place, MITRE ATT&CK would be a good place to start.


Newcomer I

A couple of key items to consider in developing a cybersecurity strategy. 


1. Are you following a cybersecurity framework that best aligns to the mission of your business? ISO 27001, NIST or NIST CSF? 


2. Do you have a current, accurate and complete IT asset inventory (including OS, firmware, and applications)? 

A current topology diagram that not only depicts the IT architecture but also the flow of information to and from the organization. 


3. Do you have a full understanding of the business's mission critical functions? And the business's future objectives and goals? What areas is the business willing to accept / manage risks?


Having this information will give you a high-level overview of the "as-is" status and a good start towards organizing a "to-be" status and, importantly, resourcing a cybersecurity strategy.


Hope this helps. All the best.