Issues & Challenges
Should Executives Be Concerned About Cyber Security?
Our Point of View
How Can I Know The Status of my Company’s Cyber Security Practice?
This is the million-dollar question in cyber security: “What assessment can we do to fairly and adequately evaluate our current cyber security practice?” It is a question that almost all senior managers and IT directors/CIOs of all types of companies are dying to answer. We can divide cyber security assessment into three types, each with its own focus, ability to identify weaknesses in the current practice, and difficulty of execution.
Cyber security is often seen as an IT risk that can be handled by the IT department alone. Without understanding the linkage between cyber security as an IT risk and as a business risk, companies could focus on the wrong cyber security threats. In different business contexts, each cyber security threat or source might or might not cause significant financial, reputational and compliance issues. Hence, by treating cyber security as an IT risk and relying on bottom-up assessment, companies might prioritize their cyber security risks wrongly. This prevents them from focusing on the cyber security risks that are most critical to them.
By bringing together top-down business risk assessments with the bottom-up approach, companies can establish a stronger business case for security change. The prioritization of cyber security risks needs to be tailored and customized according to the business needs, priorities and concerns rather than being driven purely by the technical assessment. The top-down assessment informs the bottom-up one about priorities, and the bottom-up assessment informs the top-down one about the likelihood of control failures.
How Protiviti Can Help
Security and Privacy Solution Suite
The Security and Privacy solution is one of the key solution suites in Protiviti’s Technology Consulting practice. Our Security and Privacy services utilize experience, tools and methodologies to help our clients assess the status of their current security and privacy practice and to strategize and implement the required improvement plan. Our professionals bring a blend of extensive product and system knowledge, technical expertise, and consulting experience. Most of our security and privacy professionals have multiple security and risk management related certifications. With the support of Protiviti’s global presence, we can draw on our global experts to develop and tailor our solution to suit each client’s situation and challenges.