
The importance of taking a risk-based approach to cybersecurity

Richard Pain | Jan. 9, 2017
Countering modern cyber-threats requires a risk-based approach to cybersecurity, yet few organisations are taking one. Why? In this article we explore what's holding companies back and how to drive this important change.

However, in making this transition, participants in the roundtable discussion raised concerns about the inertia they face within their organisations, citing budget restrictions, difficulty demonstrating ROI and a lack of cybersecurity skills.

In response, Namboka acknowledged that these were consistent with the types of issues raised by Dimension Data clients in Singapore and further afield. Whilst most companies are pushing ahead with their digital transformation strategies, transforming security in line with this digital transformation is being treated as an afterthought.

"The overarching challenge is that there are gaps in understanding and visibility between internal organisational units, disciplines, etc., that result in a lack of traceability between security controls and business direction," Namboka explained. "The key point is that whilst these gaps exist, issues like securing sufficient investment into cybersecurity will remain extremely difficult to solve. We at Dimension Data try to bridge some of those gaps, bringing technology, tools, procedures and services together to substantiate clients' information security needs."

This is achieved using Dimension Data's risk management approach to cybersecurity, which enables clients to develop an economically proportionate risk management program based on a detailed and thorough security assessment review process. 

[Figure: Dimension Data's Risk Management Framework]

Namboka explains: "It starts with interviews with senior executives in the organisation, to establish clearly the direction in which the organisation wants to go. Then our consultants work with the client's management, operations directors etc., asking how people are going about fulfilling the strategy from executive management; typically we see gaps here. The last phase is where consultants use a combination of targeted tests in a set of controls validations. This targeted set of validations is prioritised to assess the effectiveness of the most impactful controls in a client's environment. The purpose of this thorough process is to ensure that no stone is left unturned in getting to the linkages between the business goals set out by the leadership of the organisation and the security technology and controls deployed."

"The outcome of the whole process is a gap analysis and a corresponding prioritised remediation roadmap, not limited to technology changes, therefore including process and/or methodology changes where necessary. Some of these remedies include fixing small things immediately to get the most out of existing solutions. These are like remedial projects before potentially larger investments later, which is where we bring in our partners."

To support this risk management approach, Dimension Data has partnered with RSA and NTT Security to provide advanced security solutions that enable organisations to become proactive about the state of their security landscape, specifically:

 

  • Security Incident and Event Correlation (SIEM)
  • Security Analytics
  • Enterprise Governance Risk and Compliance (e-GRC)

 
