Last updated at Wed, 15 Mar 2023 13:01:06 GMT
Part two of Confronting Security Fears to Control Cyber Risk was presented live on March 9th for EMEA and will be delivered on March 16th for APAC. The 40-minute session focuses on the importance of developing cybersecurity elasticity.
In the session, Jason Hart, Rapid7’s Chief Technology Officer, EMEA, will discuss how organisations can develop the ability to adapt while being able to quickly revert to their original structure after times of great stress and impact. To do so, organisations must first address some common cybersecurity challenges:
- Alignment of ownership and accountability: Cybersecurity should be decentralised across the business, not just an IT security function
- Scope on where to focus: Not all risks are equal and risk can compound based on business needs and transformation
- Translation: The requirement to translate cybersecurity needs and requirements across the whole of an organisation
To accomplish these goals, Hart recommends focusing on:
- Culture: Enable a culture that makes cybersecurity part of the business process and creates a culture of ownership and accountability
- Measurement: Translating cybersecurity data to allow all organisational stakeholders and personas to understand the context and need
- Direction: The creation of a North Star, also known as a cybersecurity strategy, that is clearly communicated and has clearly defined objectives and outcomes
For many organizations, that strategy comes in the form of a Protection Level Agreement (PLA).
A PLA is an agreement between two or more parties, where one is the business (stakeholders), and the others are protection provider(s) (Product Management, IT, 3rd Party Development). Both parties should be equally involved in creating and implementing the PLA, ensuring that expectations are realistic, needs are met, and all parties are bought in to the agreement.
In this session, Hart will detail how executives can create a PLA between the security department and senior leadership team, ensuring everyone works to a common timeline and goals. A well-designed PLA ensures teams are focused and efficient in responding to cybersecurity events. So, clearly defining who owns and is accountable for PLA responsibilities is essential.
Measuring success and identifying weaknesses in a PLA is also key. Cybersecurity tools that automate reporting on a wide variety of KPIs can help security teams communicate effectiveness to leadership.
To learn more, register here:
Confronting Security Fears to Control Cyber Risk: Part Two
Earlier this month, Rapid7 presented part one of a webinar called “Confronting Security Fears to Control Cyber Risk”. The webinar, available on demand, focused on cybersecurity simplicity and why everyone associated with your organization must develop a cybersecurity mindset. To do so, CISOs must decentralize cybersecurity and instil accountability and ownership across a business. If you haven’t already seen it, you can watch it below:
Confronting Security Fears to Control Cyber Risks Presentation
- Part 1 slides
- Part 2 slides
Implementing Protection Level Agreements