Page 26 - Cyber Defense eMagazine August 2023

Leadership and Policy Implementation

            Leadership's role in policy implementation is often underestimated. Management sets the tone for policy
            adherence, creating an environment of compliance and respect for cybersecurity rules. Leaders must not
            only follow these rules but hold regular discussions about security, address breaches promptly, reward
            compliance and encourage continual learning. Moreover, leaders should ensure that policies keep pace
            with the rapidly evolving cyber security landscape. This involves regular reviews and updates, reflecting
            the latest threats and best practices.



            Technology Follows Policy

            Teams all too often let technology dictate their strategy, essentially outsourcing their thinking to the
            vendor's product managers. Why turn on MFA? The wrong answer is because your provider suddenly
            offers it. The right answer is because your policy requires it, stemming from an analysis of the regulatory
            environment and your threat profile. Monitoring, encryption and patching all follow a similar path.
            Technology should serve to enable and enforce policy rather than drive it. Post-implementation, analytics
            tools can monitor compliance trends and exceptions, indicating the need for additional training or stronger
            controls.




            The Unseen Champion: Policies

            In conclusion, good cyber security isn't only about state-of-the-art technology. It's centered on people –
            their understanding, their decisions and their actions. Guiding all these elements are your policies: the
            unseen champion of your cybersecurity defenses. More than a list of rules, they shape behavior, inform
            decisions and fortify defenses. In this evolving digital era, people are a constant. As you sit through a
            demo of the newest cyber security gadget, remember the silent sentinel – policies – and make the smarter
            investment.





            About the Author

            Craig Burland is CISO of Inversion6. Craig brings decades of pertinent industry
            experience to Inversion6, including his most recent role leading information security
            operations for a Fortune 200 Company. He is also a former Technical Co-Chair of
            the Northeast Ohio Cyber Consortium and a former Customer Advisory Board
            Member for Solutionary MSSP, NTT Global Security, and
            Oracle Web Center. Craig can be reached online at LinkedIn and at our company
            website http://www.inversion6.com.








            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.