CyberSecurity and Implementing it Successfully

Cybersecurity is the care for networks, programs, and systems from theft and attacks. Overall, the care for Cybersecurity becomes more difficult and easier overtime due to different advances in technology. Going more in depth of the care for cybersecurity, it is a shared management between IT and Business. Though many seem to see it as a responsibility for IT,. Not many from in the business side of it know their own responsibilities and how to properly use the tools of cybersecurity. 

An article written by Bobby Singh, Cybersecurity Success: A shared Responsibility Model Between Business and IT, discusses the structure of management of cybersecurity between both parties. When most cybersecurity fails occur, it’s due to not knowing responsibilities. For example, “In order to get traction, responsibilities must be clearly stated and cast into corporate policies supported by defined business processes and audited for compliance”(Singh). Both parties, Business and IT are both responsible for cybersecurity. Knowing certain rules and responsibilities can prevent a conflict in the future, for example: 

  • “Allocating Funding And Resources For Risk Treatment Plans”
    • The business must decide whether it wants/ needs to invest in new advancements for securing their systems. 
  • “Document Processes, Applications and Data Classification”
    • Usually, IT has a good understanding of this topic, but business personnel should have some knowledge of this to inform clients.
  • “Assign Asset and Data Owners”
    • This is a very important and complex topic that needs lots of responsibility. Business personnel, specifically business leaders, should take the responsibility of assigning assets and data owners.
  • “Develop Business Continuity Planning And Define Recovery Objectives”
    • A back up plan is very important to have just in case all goes wrong and how to prevent it from happening again. IT and Business work hand in hand on this topic. Business decides plan while, IT implements it.
  • “Participate In Training and Awareness Events”.
    • The business manager and their staff should be well informed of cybersecurity and ways to prevent conflicts from arising. Attending trainings and events can help inform everyone of the topic.
  • “Coordinate Planning and Budgeting With Information Security”
    • Overall, reevaluating the security solutions and whether it was effective or not is important. Both IT and the business can go over the successes and downfalls of the security solutions and plan. 

In the long run, stating, defining, and assigning responsibilities can assist in successful security. Cybersecurity exists to protect businesses. Due to this, more business personnel should take this into account and learn how to protect the systems. IT are representatives of the business. Together, they can prevent conflicts occurring and overall having successful security for networks, programs, and systems. 

References

Singh, Bobby. “Cybersecurity Success: A Shared Responsibility Model Between Business And IT.” Forbes, Forbes Magazine, 21 Feb. 2020, www.forbes.com/sites/forbestechcouncil/2020/02/21/cybersecurity-success-a-shared-responsibility-model-between-business-and-it/#16c99c0dc03b.