Don’t assume that preventing or responding to a data security breach is the Chief Information Security Officer’s job or that someone in IT should handle it. It’s not that simple. Keeping a company’s data, equipment, people, and infrastructure secure over time is a complex task for which everyone in the organization has a responsibility, and in which everyone must play a role. Success depends on researching and then clearly defining security policies and practices, making every stakeholder aware of them, and ensuring compliance with them.
For a successful outcome, engage your stakeholders. That means, talk to them to learn their daily challenges and concerns. Next, explain to them why and how your cybersecurity solution strategy and tactics work. And take their feedback to heart — engage them to collaborate with you to design a solution that includes measures to address all issues, especially theirs. Taking these steps will produce the most comprehensive and sustainable outcome possible.
To start, map your stakeholders. Lay out who is responsible for what, what their relationships are to one another, how powerful their influence is on whom and when, and how they will be affected by the solution as it is being implemented and once it’s in place. Continually and consistently communicate and work with them, so they feel ownership too for the solution and will therefore help move it along and sustain it.
Consult the NIST guidebook Cybersecurity is Everyone’s Job (National Institute for Standards and Technology) to help formulate a comprehensive approach to strong workplace digital security. It lists not only a typical organization’s departments and their functions, but their roles in creating and implementing effective cybersecurity measures as follows:
The Leadership team sets the organization’s priorities, resources programs, establishes governance, sets cultural expectations, and manages risk for security weaknesses and violations. Because risk management is so crucial for Leadership, it will be discussed and featured in a future post.
Sales, Marketing and Communications teams are responsible for interactions with the outside world and within the organization. They manage what stories are told and ensure that communication assets are secure. In an increasingly insecure digital world, they safeguard brand, reputation, and perception of trustworthiness, thereby preserving institutional value, integrity, and relationships.
Facilities, Physical Systems, and Operations teams protect buildings, equipment, and other tangible assets from physical and cyber compromise. They make sure all systems operate smoothly and safely, and they monitor every point at which the physical and digital worlds interface and interconnect.
Finance and Administrative teams, which manage financial assets and transactions, constantly deal with risk management. Cybersecurity systems play a critical role for these teams, as financial systems are a primary target for hackers.
Human Resource teams safeguard personnel data and promote a culture of strict compliance with cybersecurity policies throughout the organization, including recruiting processes and training programs.
Legal and Compliance teams ensure compliance with laws and regulations and manage liability risks from cybersecurity legal issues.
Information Technology teams provide the technical expertise to build and manage cybersecurity programs and processes throughout the organization and respond to issues as they arise.
Robust solutions are ones designed only after identifying all stakeholders both inside and outside the organization, consulting with them to understand their needs and concerns, and determining their impacts on implementation of the design as well as the design’s impact on them. Essential to success is an agile communications model to gather and evaluate their feedback and modify the solution throughout its lifecycle so it can meet changing demands and remain sustainable. Establishing such a system, combined with taking the preceding steps in sequence, is a winning approach for your solution plan to succeed not only in boosting, but also in maintaining, strong compliance rates with cybersecurity policies and best practices.
To find out more on how to use sustainable solution design for cybersecurity in your organization or to schedule a consultation, visit embedded-knowledge.com. J. Eduardo Campos and Erica W. Campos bring years of experience to designing solutions for complex problems and managing large projects involving multi-disciplinary and cross-cultural teams.