Avoid the face off in cyber-risk, a practitioner way
May 9, 2017 BY Original by McKinsey & Company

An article by McKinsey & Company to share (note the disclaimer).
The article is about connected cars. Nevertheless, the thoughts and principles behind it demonstrate a practitioner's way of shaping an integrated environment, larger than one's own ecosystem, against information and security risks. Click here to read
Appreciation of the fundamental precepts
Acknowledge that “connectivity is burgeoning”, going beyond one’s own ecosystem at a time when the supply chain is fragmented
Design the product with security in mind, while recognizing that a secure design won’t necessarily guarantee full security over time
Adopt a managed development process and reinforced collaboration between product-security teams throughout, from conceptualization to prototype, to development, through the phases of testing and piloting, and finally to production
Go after a deep understanding of the architectures and peculiarities of the related systems. Look out for, and into, integration risks and ensure that risk-based security practices have been implemented consistently throughout the full value chain, including suppliers and multiple layers of suppliers
Share intelligence on threats and vulnerabilities as viewed by customers, companies/alliances, or regulators, and never neglect to assess the acceptable risk profile as they view it and the areas they would regard as vulnerable. When regulators are involved, help them understand the actual risks and the countermeasures already in place to deal with them
Last but not least, constantly cultivate a culture of information and technology (or cyber-security) awareness by creating an environment where such risk is always viewed from a product-resiliency standpoint when defining the key enablers.
Disclaimer: The link to the article is strictly for sharing purposes, without prejudice, bias or intent to infringe any rights, privileges or commercial benefits with respect to the content reached through the external link, under the purview of local legal and regulatory jurisdiction.