VAR Panchayat
Managing Cyber Security Risk
2017-04-24
Digital technology and the cashless economy have given rise to many cybersecurity threats
Every organization with digital information assets should have a well laid-out plan to support its security and comply with the laws of the land. To achieve this goal, the major stakeholders in the company should come together and build a remedial plan to follow in case of a cyber incident. Each company's approach to mitigating privacy and security risk, and the complexity and viability of such programmes, differs from company to company, depending on its size, space and industry.
An organization with a limited clientele and revenue, which handles a small amount of non-public financial data, might develop a brief set of charter points for a privacy and security plan, or perhaps a written standard or policy setting out the entity's regulatory and legal obligations from a privacy perspective. On the other hand, a large and more complex corporation that handles sensitive information is likely to have a number of governance documents that outline and implement appropriate privacy and security policies, processes, procedures and measures. The key factors to take into consideration while taking stock of your risk are:
• Legal and regulatory risk: What sets of compliance requirements, regulations and principles must be followed?
• Reputational risk: What could a data privacy breach or security incident do to your reputation among your customer base? What would happen if you were required to notify the media, regulators, shareholders and stakeholders of the organization, and how would this affect your business and image in the corporate world?
• Financial risk: What are the financial risks of an external threat or attack on your information system? Could the resulting downtime affect the revenue of your organization?
• Operational risk: Could external and internal threats hamper your operations? What losses, direct or indirect, would your business incur from a security incident or unforeseen disaster?
• Liability risk: Could a business partner take you to court for laxity in implementing proper security practices that caused them a large monetary loss?
• Law-enforcement risk: What could happen if a law enforcement agency registered an offence against you for leaving your information system unattended and providing a gateway for criminals to commit crime at your expense?
• Ransomware risk: What could happen if your data were encrypted by ransomware and a ransom demanded? Would you want to be held to ransom because of your negligence?
Once you have identified your risks, start thinking about programmes and procedures that address the risks that could have the largest and most immediate impact on your business. A third-party assessment of your systems, vulnerability assessment and penetration testing, and implementation of proper cybersecurity practices are recommended for data protection, privacy governance, security framework and compliance.
Taking Inventory
An inventory of your physical and data assets should be performed to help shape your security programmes. Conduct a sensitive information inventory and data diagramming exercise to identify the systems and applications on your network that need the highest level of physical and technical security.
Internal governance
Creating policy and governance documents is a very important challenge. Does the company really need a highly detailed incident response plan, and should the privacy policy be elaborate in nature? You should draw on and implement documented best practices, follow compliance requirements and build an ecosystem in which the risk to your information and data assets is minimized. The organization's incident response plan should be tailored to the risk your business faces. It should be a road map for security, compliance and business leaders in the event of business interruptions, business attacks, natural disasters and data breaches.
Monitoring and Compliance
Any organization handling information should have dedicated cybersecurity personnel, conduct regular audits, and monitor its network for vulnerabilities, threats and security events. The organization should ensure that its staff are aware of security and privacy rules and remain vigilant against policy violations. Make sure that your security professionals have an up-to-date understanding of privacy and security laws, rules, regulations and industry best practices by monitoring developments and periodically updating policies to reflect any significant changes.
Progress Mapping
Changing organizational culture and successfully implementing a set of standards might encourage business leaders to expand and implement organizational privacy and security programmes. An effective cybersecurity plan should include:
• A training programme for employees
• Use of licensed software
• Building and deploying effective hardware and software firewalls
• Establishing a collateral server
• Keeping the backup option on while configuring the OS, which ensures that no data is lost
• Choosing a vendor that gives you complete solutions under one roof