We have implemented information/cyber security solution and yet….

April 12, 2018 BY iTGRC


Typical doubts and questions that run through the mind of a chief executive or business owner after spending money on a cyber-security solution


This article is not meant to explain consulting or to coach consultants in their work. We share our practitioners' experience of the real-life scenarios and business challenges that companies and organizations face, and why they need a CISO advisor to help them gain clarity, solve their pain points, and reach for value and improvement.

1. I have spent six figures on the cyber-security solution for my business, yet we still receive email spam, and we are uncertain whether we are really protected against hackers and malware.

2. We have built an information/cyber-security structure for our business within an operating environment, but we are not certain it is effective, or whether the architecture is truly a secured environment.

3. We are a third-party supplier to our clients, but they have a mandate that requires us to meet data security and risk assurance requirements, or their regulatory compliance mandates such as GDPR, PDPA, FDA regulations, SOX and so on. What do I do?

4. We have multiple vendors implementing our network and security solutions, but we still do not have a complete picture of how they work together to protect my company from cybercrime and attacks.

5. We have implemented an IT solution in the Cloud, or connected our internal systems to a third-party Cloud. We are not sure whether the solution brings any other security concern or cyber-risk exposure.

6. Why does my IT or security policy still not work, months after implementing it?

7. I am in a cross-border organization with a decentralized structure. We often find it difficult to keep up and maintain integrated oversight and control of our cyber-security posture.

8. I have my own IT and security team, but I need a reliable and independent assessment before my audit. What do I do?

9. We have an outsourced systems/software vendor developing and maintaining our application, but we continue to face technical hiccups and deviations from our requirements.

10. We have a decentralized environment with different technologies, standards and cyber-security solutions. We always want oversight of our business exposure and the ability to respond to, or report to, our management in a timely manner. What should we do?

11. I want to extend my insurance plan to cover my intellectual property, company secrets and critical data, but there is no measurement of my security baseline.

12. I plan to reduce my existing cyber-insurance premium but am not certain how to go about achieving that.

13. We have heard a lot about GDPR (the European Union's data protection regulation, which applies from 25 May 2018), but lack an idea of where to start and how to cope with it, since we are only doing a little of PDPA.

14. ... and the list goes on.

These are typical doubts and questions that run through the mind of a senior executive, a business owner, or even their IT leaders. In 80% of the cases we have seen, what is missing is the essence of basic cyber hygiene: a framework, a set of methodical approaches that speak to the business and protect it.

Implementing information/cyber security is a combination of art and science. It needs the required skills and a structured, proven methodology to balance it and relate it to the organization's objectives and business goals. It is done by weaving through organizational complexity, adapting to the company's culture and beliefs, and connecting the dots across Strategy, People, Process and Technology to create the right synergy with the existing business ecosystem and management system, so that it makes sense and delivers the desired ROI.