4 Traits of a Cyber-Resilient Culture
Attend enough security conferences and you're bound to hear solemn advice about the importance of building a strong security culture across an enterprise. But what exactly does that mean? And how can it be accomplished? The leaders at (ISC)2 recently endeavored to define what it means to build a resilient cybersecurity culture. They put together a survey of tech leaders at 250 companies with a solid cybersecurity track record to get an idea of the common traits, practices, and thought processes among security-focused organizations.
For longtime security pros, none of the findings were particularly surprising. But they did confirm what a lot of professionals have recommended to their peers for a long time with regard to developing security staff, educating users, and engaging with the business. The following are four key traits that both the recent survey and other experts say are common among the companies with the strongest cybersecurity cultures.
Employ a CISO
One of the strongest commonalities among companies with a solid cybersecurity culture is that they have a definitive and highly placed executive in charge of security. The study found that 86% of companies performing well in security employ a chief information security officer (CISO).
Now, this might seem like a gimme, but the truth is that almost half of average companies today still don't have a C-level security executive in place. According to a study done earlier this year by PricewaterhouseCoopers, just 52% of global organizations have a CISO. This is particularly troubling because the CISO is the person who typically develops better support from the CEO and board.