INSIGHTS May 2019
Cyber Security – Risk-Orientated-Resilience Based Cyber Security
Listening to Elizabeth Mann from EY Americas Health and Life Sciences Cybersecurity: Principal (25 years of Info Security background) NYC.
Speak on Cyber Speak – InfoSec
What does Cyber security mean in our market today. Our specialist professionals at Capstone have a background of diverse sectors both public and private; from healthcare to education, tourism, financials, transport, the list goes on. Case in point, IT Cyber risk is inevitable for today's digital world where every individual has a smart device or, at a minimum a laptop to engage with their business or service.
While technology has changed and molded more to our needs in business the subject of Cyber security has always been a scary topic thrown into the IT backroom. It is only recently we have begun to put more resources into Cyber protection as the fear grows with new technologies, we don’t all fully understand yet. Our only tactic, however, shouldn’t just be to throw more resources at our IT departments and/or 3rd party providers.
But, rather, build Risk resilience into an “exciting thing” from the ground up, something to ‘enable trust” as Elizabeth put so enthusiastically. This new methodology brings a new design to how risk can be implemented into the primary business structure.
Elizabeth’s suggestions are based on putting Cyber controls and practices into the design of moving and expanding businesses.
For example, from a geographical perspective, the methodology in practice would be to analyze the cyber threats that will affect the client before the set-up of a live business. This agile tactic would help avoid cyber threats before they occur, saving resources and getting their business up and running safely quicker. Understanding the environment of their base, asking the right questions, having an understanding of the 3rd party environment, will be how Cyber teams assist in building this stronger foundation compared to traditional; search after something occurs or is due.
This enables businesses to embrace an irritate agile approach; scoping the issues prior to the big picture stuff begins. Ensuring safety from word go and an ongoing eye kept on the controls.
“Embracing these controls in the process will ensure more trust in the system rather than this fear factor; Using it an enabler of Trust in the control/systems.” E.M