For those of us old enough to remember, the emergence of Information Security as a distinct and important function within the organization is very similar to the emergence of Information Technology departments years ago. Back then, as computing moved from mainframe to midrange to desktops, the organization needed to answer several questions to see how this new area fit into corporate functions.
Extend Resources was privileged to host a Cybersecurity Panel Discussion at the IG3 West conference in Newport Beach, California. It featured distinguished panelists and a lively discussion on the topic, “ISO 27701: Leveraging the New Data Privacy Standard for a Competitive Advantage.”
While the big breaches make headlines, it is well known that a cyber-event is an existential threat to small and medium-sized enterprises (SMEs). According to Inc. Magazine, 60 percent of SMEs fold within six months of a cyber-attack. With SMEs increasingly targeted by hackers – due to their perceived vulnerabilities – data privacy and cybersecurity are top of mind for every organization.
In this post, we suggest a practical opportunity to improve both your information security program and posture: communication and transparency.
The advantage of a simple, understandable, and robust information security program extends beyond the InfoSec team. When the structure, goals, and ongoing results of your InfoSec program are well communicated and understood, the program itself becomes stronger. Communication and transparency foster support and commitment throughout the organization from the most junior employee to the Board of Directors.
There seems to be a lot of misplaced fatalism in the cybersecurity arena. This fatalism is centered around two common perceptions that are – in my experience – simply not true.
The first is that a breach is inevitable over time. The second is that the cost in time and money to prevent a breach is extraordinarily high. Neither needs to be true for you and your organization. Let’s take each in turn.
In an upcoming session at The Exchange: Data Privacy and Cybersecurity Forum, hosted by Today’s General Counsel, Extend Resources CTO and CISO Antonella Commiato will discuss corporate governance vs. security and the different methods to develop an active defense strategy for information security sustainability. The session takes place on Thursday, December 13 at The Westin Bonaventure Hotel and Suites, Los Angeles, CA, and includes panelists from law firms, corporate legal teams, and legal security experts who offer a distinct blend of expertise to share solutions for building and implementing comprehensive response plans and navigating through government regulations.
EXTEND Resources is in the news!
The July issue of the ISSA Journal features an article on Information Security Standards: Differences, Benefits, Impacts, and Evolution, written by EXTEND Resources team members Antonella Commiato, Chief Technology Officer & Chief Information Security Officer (CISO), and Michael Sturgill, Information Security Manager.
ISSA Members can view the July issue of the ISSA Journal here.