The Art of Implementing a Cybersecurity Program
I recently had the pleasure of attending the SecureWorld Expo in Valley Forge, Pennsylvania. I noticed many of the conversations at this conference centered on developing a security framework and strategy for organizations.
This reminded me of a recent Computer Weekly article that I read where Gartner announced, “Businesses will have to embrace cloud security-as-a-service. Businesses will increasingly be forced to adopt cloud-based security services to take care of the basics so they can concentrate on more complex threats.”
However, to concentrate on very complex threats, businesses must implement a structured security strategy to minimize risks and protect intellectual property. This involves building an effective cybersecurity program (internal, outsourced, or both) with the appropriate resources for all areas requiring protection. The program should be designed for protecting people, data, applications and infrastructure. Utilizing the National Institute of Standards and Technology (NIST) Risk Management Framework and mapping this to SANS security controls will guide organizations to maximum protection, detection, and response.
Weidenhammer’s Consulting Group can assist organizations in developing and implementing a security program. The first step is to discover assets and rank them by priority. This can be achieved through the Consulting Group’s “Network Security Assessment” service.
Wendy Larsen is a Security Consultant in the Weidenhammer Consulting Group and has 25 years of experience with Weidenhammer in technology, network and directory design, and security assessments. She performs comprehensive evaluations of vulnerabilities in network and security for Active Directory, network devices, and overall security.