- Stakeholder / Management / Shareholder Sponsorship: This is the fundamental step, the first and foremost requisite for embarking on the cybersecurity or cyber resilience journey of an enterprise. It also achieves the near-impossible task of outlining well-defined accountability for the respective functions and teams across the organization.
- Institutionalize a Governance Framework: At an enterprise level, identify and define the overall objectives in tandem with the cybersecurity guidelines, and the roles & responsibilities outside the operational aspects of the business. The framework also encompasses the creation of:
  - Policies and processes at a broad level for the enterprise
  - Sub-categorization at each function / vertical
  - Internal and external stakeholders
  - Core team
- Assess the risks, vulnerabilities and potential impacts at an enterprise level
- Monitor and manage the identified risks periodically, prioritizing them by value of impact
- Mitigation plan: Develop an overall strategy and operational plan to address the identified risks in priority order by implementing various controls, both from a process standpoint and through the deployment of tools and technologies across all layers within and outside the organization
- Incident Management, Response and Continuous Improvement: Put a plan and team in place for the occurrence of an incident, covering root cause analysis (RCA) and a resolution strategy agreed with internal and external stakeholders. Continuously explore avenues for streamlining the established process
- Dynamic Environment: Like any enterprise, the threat landscape is also evolving, as are the skills and technology adoption of the individuals who pose a threat to such enterprises, including but not limited to the adoption of AI/ML, IoT etc. by the so-called cyber criminals.
- Skill & Resource Void: It is a known fact that there is a huge void in identifying and retaining the right talent / resources, owing to a lack of skills or to the limited funds available to deploy the right set of tools / technologies, even as the enterprise environment grows more complex from both a technology and a threat landscape perspective.
- End User Awareness: Lack of awareness and acknowledgement, and negligent behavior, are often the root cause of an enterprise becoming vulnerable and pose a significant challenge to cyber security. Educating users and running continuous training sessions are crucial to mitigating such risk.
- Technology evolution: Over the last decade we have seen a huge evolution in the technology landscape, which aids enterprises in building a very robust and reliable environment. AI, Blockchain and Cloud Services are at the forefront in giving a push to overall Cyber Governance.
- Country level regulatory acknowledgement: More and more government entities across countries are acknowledging and evolving their regulatory requirements, thereby giving enterprises ample opportunity to create and develop their respective cybersecurity frameworks on the basis of those guidelines.
- Cross Collaboration: Across industries there is a positive wave of acknowledging breaches and disclosing their vulnerable side to prevent future threats or breaches. This cross collaboration, and the sharing of best practices and threat intelligence amongst peer organizations and enterprises, is further strengthening Cybersecurity Governance efforts.
- Privacy Laws and regulatory compliance:
  - GDPR – Protection of Personal Data / Information
  - Anticipated Privacy Bill etc.
- Board level / Executive Sponsorship: Fundamentally, this is crucial and critical to having a robust framework and to its successful implementation within the enterprise.
- Acknowledgment and Awareness: It is prudent that management acknowledges the need for such a framework and the threat that looms large over every organization, and collaborates with the learning and development team to spread awareness to everyone on board, bringing about a cultural change that strengthens the human element of cyber security governance.
- Technology-led Business Enablement and Alignment: In today's era, it is a given that technology is the underlying platform for all enterprises to achieve their organizational objectives and to be effective and competitive. The framework will ensure that such alignment is considered from an Enterprise Security perspective for all advancements and developments, including the adoption of cognitive tools and technologies.
- Enterprise Risk Assessment, Continuous Monitoring, Mitigation and Analysis: These must become hygiene and a way of living.