Strategic tactics are key to a robust Cloud Security Posture Management regime

A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers all possible attack landscapes that can be targeted by malicious parties.

Editor’s note: This is an excerpt from Cybersecurity – Attack and Defense Strategies, Second Edition, a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape.

Cybersecurity is the focal point of most cyber strategies because cyber threats are continuously becoming more advanced as more sophisticated exploit tools and techniques become available to threat actors. Due to these threats, organizations are advised to develop cyber strategies that ensure the protection of their cyber infrastructure from these various threats.

In this article, we introduce how you can build effective cyber defense strategies. Please note that the steps given are meant to help you formulate your own cyber defense strategy and can be customized according to your needs.

Understand the Business

The more you know about your business, the better you can secure it. It’s really important to know the goals of your organization, its objectives, the people you work with, the industry, the current trends, your business risks, your risk appetite and tolerance, as well as your most valuable assets. Everything we do must be a reflection of the business requirements approved by senior leadership, as is also mandated in ISO 27001.

As Sun Tzu said in the 6th Century BC, “If you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”

A strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. In order to develop a strategy, we must first understand the threats and risks that we will be dealing with.

Understand threats and risks

It’s not too easy to define risk, as in literature, the word “risk” is used in many different ways. According to ISO 31000, risk is the “effect of uncertainty on objectives” and an effect is a positive or negative deviation from what is expected.

The word “risk” combines three elements: it starts with a potential event and then combines its probability with its potential severity. Many risk management courses define risk as: Risk (potential loss) = Threat x Vulnerability x Asset

It’s really important to understand that not all risks are worthwhile to mitigate. If the mitigation is going to cost more than a single occurrence of the risk, or if it’s not a major risk, then the risk can be accepted.

Document

As in everything else, documentation is really important and it’s a key aspect of every strategy. When it comes to risk treatment, or to assuring business continuity, documentation plays a critical role. Documenting the cyber strategy will ensure efficiency, consistency, and peace of mind for anyone who is involved. Documentation helps to establish standardization between processes, and ensures everyone in your organization is working the same way towards the same outcome.

The following illustration shows what good cyber strategy documentation should look like:

A good strategy document should list what the strategy is and why it’s needed. It has to be clear and easy to understand. It should highlight any urgency, together with mitigation options, the benefits of each choice, and how it is going to address the business issues.

Having the cyber strategy documented makes it easier to align with the business strategy as well as with the business drivers and goals. Once this alignment is in place, you can build the technical aspects and the cyber transformation plan to become more cyber safe.

About the Authors. Yuri Diogenes is a Senior Program Manager at C+AI Security and a Professor at EC-Council University. Dr. Erdal Ozkaya focuses on securing cyberspace and sharing his real-life skills as a security adviser, speaker, lecturer, and author.

Dr. Erdal Ozkaya is a leading cybersecurity professional with business development, management, and academic skills who focuses on securing cyberspace and sharing his real-life skills as a security adviser, speaker, lecturer, and author. Erdal is known to be passionate about reaching communities, creating cyber-aware campaigns, and leveraging new and innovative approaches and technologies to holistically address the information security and privacy needs of every person and organization in the world. He has authored many cybersecurity books as well as security certification courseware and exams for different vendors. Erdal holds the following qualifications: Doctor of Philosophy in Cybersecurity, Master of Computing Research, Master of Information Systems Security, Bachelor of Information Technology, Microsoft Certified Trainer, Microsoft Certified Learning Consultant, ISO 27001 Auditor & Implementer, Certified Ethical Hacker (CEH), Certified Ethical Instructor & Licensed Penetration Tester. He is an award-winning technical expert and speaker. His recent awards are: CISO Top 50 Award by Security ME Adviser Magazine & Tahawultech.com (2020), Legend Cybersecurity Pro by GEC Media (2019), Hall of Fame, CISO Magazine (2019), Cybersecurity Influencer of the Year (2019), CISO Magazine Cyber Security Professional of the Year MEA (2019), Microsoft Circle of Excellence Platinum Club (2017), NATO Center of Excellence (2016), Security Professional of the Year by MEA Channel Magazine (2015), Professional of the Year Sydney (2014), and many Speaker of the Year awards at conferences. He also holds Global Instructor of the Year awards from EC-Council and Microsoft as well as Logical Operations.
Erdal is also a part-time lecturer at Charles Sturt University, Australia. Erdal’s social media accounts to follow: Twitter: https://twitter.com/Erdal_Ozkaya LinkedIn: https://www.linkedin.com/in/erdalozkaya/ Facebook: https://www.facebook.com/CyberSec.Advisor/ Instagram: https://www.instagram.com/drerdalozkaya/ Amazon: https://www.amazon.com/-/e/B0796D9KQ4 He built and managed CEO IT from scratch into a multi-million dollar national training and IT solutions center. With the skills he gained, he introduced and repeated that success at KEMP Technologies, where he was tasked to single-handedly manage the ANZ region and then build the business in the Asia Pacific region. From there he joined Secunia as CISO in Dubai and extended his experience in the Middle East & Africa. At the beginning of 2016 he joined Microsoft as a Cybersecurity Architect / Trusted Security Advisor responsible for the EMEA region. Erdal currently works at Standard Chartered Bank as Head of Information and Cyber Security, at Managing Director level.
