It’s all good and well to talk about the need for a unified cybersecurity plan, but talking about problems without providing solutions is counterproductive. Considering the article did not offer a solution, here is a six-step plan I prepared earlier (and I tested it too on a number of companies listed on the Australian Stock Exchange; yes, it really works):
1. asset management – discover and classify the most critical assets to the business
2. vulnerability management – discover and remediate the most critical vulnerabilities within the most critical assets
3. threat management – predict and prevent the most critical threats that could exploit the most critical vulnerabilities
4. incident management – detect and respond to the most critical attacks that have eventuated from the most critical threats
5. continuity management – confirm and recover from the most critical breaches that have resulted from the most critical attacks
6. crisis management – avoid, accept, transfer, or reduce the impact that has manifested from the most critical breaches.