Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The importance of taking a risk based approach to cybersecurity

Richard Pain | Jan. 9, 2017
Countering modern cyber-threats requires a risk based approach to cybersecurity, however few organistions are doing this; why? In this article we explore what's holding companies back and how to drive this important change.


"Our approach is to fuse business strategy with business risk," explains Budiman Tsjin, Senior Manager Sales Engineering, ASEAN & Greater China, RSA. "This creates a link based on what our security technology tells us and what it means to the business, which is what we call 'business-driven security'. Using our tools, we can consolidate, streamline and prioritise cybersecurity operations and compliance, but crucially, to create a business-driven security strategy, the tools are not enough alone. You first need to know your assets, what your priorities and what the impacts to the business are in order to budget appropriately."


Budiman Tsjin, Senior Manager Sales Engineering, ASEAN & Greater China, RSA

Budiman Tsjin, Senior Manager Sales Engineering, ASEAN & Greater China, RSA


Steps to Create a Business Driven Approach to Cybersecurity


  1. Prioritise assets and understand vulnerabilities.
  2. Quantify business risk and impact if those assets were compromised; determine if your budget is allocated properly.
  3. Build a strategy to defend those assets with clear cost/benefit relationships outlined; make sure your strategy is holistic (people, process, technology).
  4. Determine gaps between what you have in place today and your ideal state.
  5. Take a phased approach to addressing the gaps, but start today; prioritise according to impact on risk posture.
  6. Constantly re-evaluate threats and vulnerabilities to tune your strategy; have a response plan in place.


Alvin Yeo, Channel and Business Development Director, NTT Security, adds, "If we just focused on IT and technology today, it's a bit short-sighted. This is because when we look at cyber-attacks today, they transcend way beyond technology. Instead, a holistic approach looks at processes and people aspect as well. Also, if we just focus on technology solutions, that's just back office and there will be pressure to reduce that cost. Instead if we can talk about exactly what we need to protect and its relevance for the business, that's how we can drive change."


Alvin Yeo, Director for APAC, NTT Security

Alvin Yeo, Channel and Business Development Director, NTT Security


Given the nature of cyber-threats today and company inertia, the most effective way to enhance cybersecurity within an organisation is to take a high level, risk based approach that is linked to the priorities of a particular organisation. This does not necessarily require a major investment upfront, as many organisations are already operating with known vulnerabilities, which can be corrected by following simple best practices. By engaging with external solution providers, correcting existing vulnerabilities and taking a risk based approach, IT security decision makers will find themselves with greater momentum and leverage to enhance cybersecurity within their organisation. 


Previous Page  1  2  3  4  Next Page 

Sign up for Computerworld eNewsletters.