The journey least traveled - Cyber Resilience

February 27, 2017 BY Frank Chin, iTGRC Asia

I recall an article from 2014 regarding cyber resilience. It now reflects the current flavor of the experience for most risk management or information security professionals.
 
Vividly, I recall it mentioned that: "Innovation is a great thing but introduces new cyber threats, and they know the target of price of a jewel crown."
 
A reality check in 2017 shows that the loss per incident has increased by more than 20%, and the real number may be larger but stealthily buried for a valid reason.
 
Perhaps companies that focus on cyber security have, for all their good will, not gone as far as those looking to move into cyber resilience. Think from a business perspective: how do our security strategies measure up to the pace of cyber risks? Have we balanced our investment enough to build the resilience to protect our growing needs or changing behavior? Have we made the mindset shift to keep aligning our security or cyber spending with high business priorities, in the context of risk reduction or avoidance, before the risks advance beyond our existing control baseline or our ability to deal with them?
 
It's not too late to think of a Cyber Security Resilience plan: think of what can be done to continue sustaining the protection of our assets. Instead of risks, ponder the vulnerabilities and potential threats and their correlation. Consider a rigorous methodology to keep the organization responsive to such threats or incidents, and the reliability of that methodology in keeping the disposition of people, process, technology, and assets agile and robust.
 
It may pay you a fortune to begin a partnership with independent advisors, or to make them an extension of your existing resources. They can weigh in a lot, based on industry learning, to rationalize and build an unbiased information risk and security resilience strategy that gives you assurance that goes a long way.