Businesses need to assess their cyber security risk management and ensure it’s being done right, according to the security professionals’ community Peerlyst.
The company says risk management and cybersecurity shouldn't clash - they should align.
Gary Hayslip, the CISO for the city of San Diego, says that is easier said than done.
“Cybersecurity risk-management is not only vitally important to individuals, businesses, and governments around the globe - it's very tough to get right.”
Peerlyst has published Hayslip's six-part plan, in a piece entitled “Resource: Cybersecurity and Risk Management”, aimed at helping organisations get cyber security risk management right.
Hayslip’s plan includes:
- Categorise information systems and data
- Select security controls
- Implement security controls
- Continually assess security controls
- Authorise (verify risk baseline)
- Continually monitor security controls
“In truth, an organisation's cybersecurity program and life cycle are part of a larger ecosystem,” Hayslip says.
“This security ecosystem includes the cybersecurity life cycle, the risk-management life cycle, and the dynamic interaction between their components and processes,” he explains.
“This unique ecosystem, when documented and properly maintained, provides an organisation with invaluable data on the maturity of its cybersecurity and risk-management programs,” says Hayslip.