Tips to improve your organisation’s cyber security plan

Nurdianah Md Nur | Jan. 28, 2014
Douglas Tang of NEC Asia advises organisations to ensure that their cyber security plans are holistic, policy-driven, and risk-based.

Organisations in Asia Pacific need to beef up their cyber security strategies in order to keep today's cyber threats at bay, said Douglas Tang, senior director and global lead for Cyber Security, NEC Asia Pacific Pte Ltd. As a speaker at the NEC Innovative Solutions Fair in Singapore earlier this month, he shared tips on how organisations in the region can better address cyber crime issues. 

Having a holistic cyber security plan is crucial
Organisations need to constantly and proactively analyse the threat landscape and risks to ensure that their business is protected. Besides that, organisations need to have a comprehensive cyber security plan. This entails having preventive measures, as well as being able to detect security breaches, recover from breaches, and improve their systems and policies after a breach.

Cyber security strategies should be policy driven
Instead of trying to protect everything, organisations should identify the assets (hardware and software) that need to be protected before assigning each of them the level of protection it needs (e.g. confidential, highly sensitive, etc.). Thereafter, organisations should define the standards or guidelines for protecting those assets.

Cyber security strategies should be risk-based
Organisations usually over- or under-invest in security because of wrong assumptions about their risk exposure. Having a risk-based cyber security strategy could help prevent that. To do so, organisations need to monitor threats and understand how those threats pose a risk to their assets. Organisations should also constantly self-assess their cyber security strategy using checklists and questionnaires, engage security professionals to assess their strategy, and go for auditing and assurance reviews.

A layered security defence is necessary
With different solutions protecting your assets at different layers of your network, it is more difficult for hackers to circumvent them and reach the asset. However, Tang warns that it may not be easy to integrate and manage the different solutions.

Security needs to be centrally managed
This can be done by having a security operations centre, where security experts and analysts can work together to analyse security incidents and respond effectively to them.

Implement security in a road map fashion
Organisations should take a phased approach when it comes to implementing security solutions, as this will give them the time to transition and learn by experimenting. However, each phase needs to be aligned with the long-term security/IT plan and overall investment.

Senior management to be involved in IT governance
IT governance is more than just IT security policy; it is a framework to help decide on risk management, tech adoption and business transformation. Thus, senior management should be included in discussions around IT governance so as to drive the direction of the organisation's cyber security plans. By doing so, senior management will be able to understand the value that security brings to the enterprise.
