“Quantitative risk analysis is the single most effective way to align security with business priorities and establish credibility with teams.” — U.S.-based CISO
As organizations continue to leverage the latest technologies and move toward even greater interconnectivity in the pursuit of growth, business strategy and cybersecurity continue to converge. Cybersecurity concerns now extend beyond the traditional IT areas of responsibility, impacting all levels of an organization.
Cybersecurity risks are on the rise around the globe, and ransomware attacks are creating frequent headlines. There is heightened awareness concerning data security at the highest levels as governments continue to tighten regulations and issue statements regarding the importance of cybersecurity. Organizations are at risk for business interruption, impact to brand reputation and significant regulatory fines.
The COVID-19 pandemic prompted a definitive shift in the way organizations work. They have had to accelerate cloud adoption while simultaneously transitioning their staff to a work-from-home business environment. This has resulted in cybersecurity teams facing additional challenges, not just from the external threats they seek to deny, but also from the internal environments they need to manage.
As the dependency between business strategy and cybersecurity continues to grow, so too does the need for communicating cyber risk across the organization. The cybersecurity conversation needs to change, from one of fear and speculation to one that informs business decisions in support of organizational goals.
Bridging the Gap Between Security and Strategic Business Objectives
Security strategy must be aligned with business objectives. Budgets need to be justified and the return on investment (ROI) related to security spending initiatives should be considered.
As Robert Kolasky, Director of National Risk Management Center in the CISA, stated in his in ..
Support the originator by clicking the read the rest link below.
