Setting up a Cyber Security Program – A CISO’s Guide.

May 7, 2019


Have you just taken up the role of CISO in your organization? Are you charged with the responsibility of building or maintaining the cybersecurity program of your institution? Quite frankly, I envy neither you nor your role. Perhaps, as @MattEastwood depicted in the picture below, the responsibilities you shoulder are likely to ensure you do not get that desired sleep.

The internet today is awash with C-suite executives who lost their jobs on account of data breaches or cyber-attacks. Such is the criticality of cybersecurity to an organization’s continued survival.

In this piece, I share 3 basic tips that could guide a new CISO or anyone charged with the responsibility of managing cybersecurity in an organization.

· Know your Assets – as simple as this may sound, it has the capacity to embarrass any CISO should the risks associated with it crystallize. Knowing your information assets is the bedrock of maintaining an effective cybersecurity program. I stated in my last piece that you cannot protect what you do not know to exist. Therefore, complete visibility of your networked assets is critical.

· Rank your Assets – a risk assessment of your assets will be in order. Ranking your assets helps you apply the appropriate amount of security needed to safeguard each asset. You don’t want to be killing a mosquito with a double-barrel gun.

· Document Boundaries (Governance) – document boundaries for the operations of the cybersecurity program, be it in the form of policies, procedures or frameworks. There are several frameworks that can be leveraged to guide their development – NIST, COBIT, PCI-DSS, etc.

While these tips are not likely to be exhaustive, other activities in the cybersecurity program, like patch management, system monitoring, log management, logical access control, etc., draw their life from these foundational tips.

Tony Ayaunor is an Information Systems Auditor and CyberSecurity enthusiast.
