Louise and Jamal of Auriga Consulting met with Business Reporter for a Q&A on Business Cyber Management and Bridging the Cyber Divide. Please take a look at the video interview below or read the full article on the Business Reporter website.
Continuously changing, rapidly adapting cyber threats are the most important risk the business will face. However are business leader taking cyber seriously? The industry seems to think not. Louise T Dunne and Jamal Elmellas buck this trend and explain why it is a third-parties responsibility to bridge the gap between threat intelligence and the board, helping to create an enterprise-wide responsive risk posture translated into business terminology.
- Learn why there’s a disconnect between risk management strategy and the board
- Understand the core elements of a successful cyber risk strategy
- Gain an insight into what you should look for when selecting a third-party supplier
The biggest challenge facing organisations today, over and above any economic one, is how to keep pace with the cyber threat. Many organisations have a wide range of security mechanisms at their disposal: technology, policies and people. But bringing these elements together to realise true value across the organisation is no easy task. If the cyber threat is difficult to assess and quantify it’s even more problematic to communicate to other departments and the board.
One means of overcoming this is to seek to rationalise and utilise more effectively the existing arsenal by calling on the services of a third-party provider. A third-party consultancy can bring a fresh pair of eyes to the table, devise a workable risk management framework (RMF) and put processes in place that make it easier for real-time intelligence to be converted into actionable decisions by the board.
There are a variety of flavours, but implemented correctly, an RMF should be embedded across all general management. Unfortunately it can be overly prescriptive, making it an obstacle to innovation, or can be sidelined as a process, making it extremely difficult to promote across the organisation. But a third-party consultancy can ensure this does not happen. The key is not to get hung up on the documentation, to engage senior management and the board and to make the framework fit the business rather than the other way round. If it can demonstrate its worth by revealing the path the organisation should tread, everyone will feel it’s a justifiable process. Then, if and when the threat is realised, the organisation is able to protect valuable data, mitigate the impact and facilitate business as usual.Read the Full Article