Cybersecurity risk-management vital, says expert

24 May 2016

Businesses need to assess their cyber security risk management and ensure it’s being done right, according to security professionals Peerlyst.

The company says risk management and cybersecurity shouldn't clash - they should align.

Gary Hayslip, the CISO for the city of San Diego, says that is easier said than done.

“Cybersecurity risk-management is not only vitally important to individuals, businesses, and governments around the globe - it's very tough to get right.”

Peerlyst has published Hayslip's six-part plan in a piece entitled “Resource: Cybersecurity and Risk Management”, aimed at helping organisations get cyber security risk management right.

Hayslip’s plan includes:

  • Categorise information systems and data
  • Select security controls
  • Implement security controls
  • Continually assess security controls
  • Authorise (verify risk baseline)
  • Continually monitor security controls

“In truth, an organisation's cybersecurity program and life cycle are part of a larger ecosystem,” Hayslip says.

“This security ecosystem includes the cybersecurity life cycle, the risk-management life cycle, and the dynamic interaction between their components and processes,” he explains.

“This unique ecosystem, when documented and properly maintained, provides an organisation with invaluable data on the maturity of its cybersecurity and risk-management programs,” says Hayslip.
