Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Three

Post Syndicated from Rapid7 original https://blog.rapid7.com/2023/03/29/executive-webinar-confronting-security-fears-to-control-cyber-risk-part-three/

In the final installment of our webinar “Confronting Security Fears to Control Cyber Risk,” Jason Hart, Rapid7’s Chief Technology Officer, EMEA, discusses how adopting a cyber target operating model can eliminate cybersecurity silos and increase the effectiveness of your cybersecurity program. If you haven’t already, watch parts one and two before delving into this final segment.

Part One: Cybersecurity Simplicity focused on how to encourage everyone associated with your organisation to develop a cybersecurity mindset. To accomplish this, Hart recommends that CISOs decentralise cybersecurity to instil accountability and ownership across the entire business.

Part Two: Cybersecurity Elasticity focused on why organisations must develop the ability to adapt under pressure while being able to quickly return to their original structure after periods of great stress and impact.

In that session, Hart details how executives can create a Protection Level Agreement (PLA) between the security department and the senior leadership team, ensuring everyone works to a common timeline and common goals. Measuring success and identifying weaknesses against the PLA is also key: cybersecurity tools that automate reporting on a wide variety of KPIs can help security teams communicate their effectiveness to leadership.

Operationalising Cybersecurity

Part Three: Cybersecurity Tranquility offers practical and actionable advice on how to implement a target operating model that aligns with your business, reduces risks and enables a positive security culture.

In the presentation, Hart outlines a twelve step process to operationalise security:

  1. Understand what an operating model is and map out key dependencies for scope, risk, PLA, and KPIs.
  2. Document your current operating model.
  3. Undertake mapping of scope and categorize business functions by impact.
  4. Implement KPIs to track the effectiveness of your current operating model.
  5. Use data from KPIs aligned to business functions to show the effectiveness of the current operating model.
  6. Implement PLAs to align the business, process and technology to drive change.
  7. Present monthly PLAs to stakeholders and business functions to measure progress from the current operating model towards the target operating model.
  8. Enable automation of KPI data aligned to core foundations to feed into PLA.
  9. Identify process and accountability challenges using PLAs underpinned by KPI data.
  10. Use the PLA to explain and show the effectiveness of cybersecurity investment.
  11. Apply the same process to the next business function.
  12. The target operating model becomes an established part of the business process.
