Some C-level executives believe that the only answer to cyber security is technology, and that the IT department can handle any IT security problem regardless of the resources it is given. This is a very common attitude, and it most likely stems from a lack of communication between the IT department and the board.
According to the 2014 Security Pressures Report by Trustwave, 65% of IT pros are pressured to use security products with all of the latest features, despite 1 out of 3 not having the resources to do so effectively.
Whilst technology is an important part of your cyber security defence, the most effective weapon against cyber threats is one built on a healthy combination of people, process and technology.
Technology is only effective if it's supported by people with the right skills
People are arguably the most important aspect of cyber security, but they are also one of an organisation's most vulnerable assets. You can deploy the best technical solutions and have the most rigorous processes in place, but if the people within your organisation do not understand the issues and concerns associated with cyber security, they can easily undermine your entire cyber security investment.
The voice of the IT department is important
I recently reached out to a group of IT professionals to ask for their opinion on the Trustwave report. One particular response said:
"Just because I work in IT doesn't mean I know everything about IT. A heart surgeon is still a surgeon, but you wouldn't expect them to know about brain surgery, and the same goes for IT; we're not all experts on security."
The message this professional is trying to get across is that if the board expects its IT team to know about every aspect of cyber security, the team is going to have a hard time.
Training exists for a reason. If you want to provide your IT department with state-of-the-art cyber defences, it's a good idea to provide them with the relevant cyber security training.
Best practice cyber security frameworks – ISO 27001
ISO 27001, the internationally recognised information security standard, makes the most of the three vital areas of cyber security. It provides organisations with an information security management system (ISMS) that helps reduce the risk of successful cyber attacks. It also ensures that all members of staff have the appropriate knowledge of information security, so that they can get the most out of the technology without jeopardising your organisation.
The Case for ISO 27001, a book written by ISO 27001 expert Alan Calder, will take you through ISO 27001 and why it's the best option for your organisation to defend itself against ever-growing cyber threats. It will also provide you with the knowledge needed to build a business case for implementing ISO 27001 that can be presented to management.