Enterprise Cybersecurity Strategy
It is now clear that no enterprise Internet-linked system is immune from ever more daring, frequent and complex cyber attacks. For example, the Depository Trust and Clearing Corporation sees cybersecurity as the biggest threat to global financial markets. Yet it is clear that private sector enterprises are not building cyber defence capabilities at the pace required to stem cyber attacks. This is the inevitable result of the prevalent reliance on a reactive approach to cyber threats that views cybersecurity as a technical problem. Thus, we counsel a strategic and business-led view instead. We help our clients devise a holistic approach to preventing, detecting, deterring and responding to the cyber threats and risks most likely to disrupt essential activities. In common with governments, we typically follow the steps below:
Stage 1 — Cyber Healthcheck
We work with you to assess cybersecurity readiness in the enterprise, including its supply chain. We seek to establish whether systems and services that support the enterprise’s activities can continue functioning even in the face of a cyber attack. Because cybersecurity is a shared responsibility, we engage all relevant enterprise stakeholders during the Cyber Healthcheck phase. The phase helps us establish the concerns and capabilities of relevant stakeholders.
Stage 2 — Strategic Context
We conduct a detailed evaluation of the factors that influence cybersecurity activities. For the enterprise, drivers include regulation and business strategies. We establish risk appetite and prioritise risks.
Stage 3 — Strategic Goals/Ends
At this stage, we work with top leaders at corporate levels to identify what the strategy is seeking to accomplish. As the title implies, strategic goals are long-term and aim to help an enterprise build durable capacity to mitigate and respond to the cyber threats most likely to disrupt essential business processes. Whilst requirements differ across States, our clients often define goals in domains including national security; effective, efficient and responsive services; the economic benefits of IT-enabled businesses and boosting IT expertise.
Stage 4 — Project Priorities
We identify project priorities that we align with your business goals and obtain top leadership sign-off. We then devise the most effective approaches for pursuing the identified strategic priorities. We further propose the activities needed to realise each strategic priority. Additionally, we help you develop a structure for governing the allocation of the needed resources as well as the coordination and monitoring of activities. We also help with defining expectations for activities and thus provide a basis for verifying performance.
Stage 5 — Project Resources
At this stage, we help clients identify the human, technical and institutional resources required to achieve the strategic cyber goals. We use the same model to assess resourcing of live programmes.
Stage 6 — Assurance
Lastly, we help build a mechanism for monitoring cybersecurity initiatives to ensure that they continue to meet business goals. We tailor processes to your needs.
We developed the comprehensive cybersecurity model that the International Telecommunication Union (ITU) recommends to its Member States. (See attached diagram)