Page 26 - Cyber Defense eMagazine August 2023
Leadership and Policy Implementation
Leadership's role in policy implementation is often underestimated. Management sets the tone for policy
adherence, creating an environment of compliance and respect for cybersecurity rules. Leaders must not
only follow these rules but hold regular discussions about security, address breaches promptly, reward
compliance and encourage continual learning. Moreover, leaders should ensure that policies keep pace
with the rapidly evolving cyber security landscape. This involves regular reviews and updates, reflecting
the latest threats and best practices.
Technology Follows Policy
Teams all too often let technology dictate their strategy, essentially outsourcing their thinking to the
vendor’s product managers. Why turn on MFA? The wrong answer is because your provider suddenly
offers it. The right answer is because your policy requires it, stemming from an analysis of the regulatory
environment and your threat profile. Monitoring, encryption and patching all follow a similar path.
Technology should serve to enable and enforce policy rather than drive it. Post-implementation, analytics
tools can monitor compliance trends and exceptions, indicating the need for additional training or stronger
controls.
The Unseen Champion: Policies
In conclusion, good cyber security isn’t only about state-of-the-art technology. It’s centered on people –
their understanding, their decisions and their actions. Guiding all these elements are your policies: the
unseen champion of your cybersecurity defenses. More than a list of rules, they shape behavior, inform
decisions and fortify defenses. In this evolving digital era, people are a constant. As you sit through a
demo of the newest cyber security gadget, remember the silent sentinel – policies – and make the smarter
investment.
About the Author
Craig Burland is CISO of Inversion6. Craig brings decades of pertinent industry
experience to Inversion6, including his most recent role leading information security
operations for a Fortune 200 Company. He is also a former Technical Co-Chair of
the Northeast Ohio Cyber Consortium and a former Customer Advisory Board
Member for Solutionary MSSP, NTT Global Security, and
Oracle Web Center. Craig can be reached online at LinkedIn and at our company
website http://www.inversion6.com.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.