{"id":11621,"date":"2022-10-13T10:04:00","date_gmt":"2022-10-13T10:04:00","guid":{"rendered":"https:\/\/zhorse.net\/?p=11621"},"modified":"2022-10-14T22:09:01","modified_gmt":"2022-10-14T22:09:01","slug":"is-your-organization-cyber-fit","status":"publish","type":"post","link":"https:\/\/zhorse.net\/risk-management\/is-your-organization-cyber-fit\/","title":{"rendered":"Is Your Organization Cyber Fit?"},"content":{"rendered":"\n
I was reading a book by a legendary strength coach that had one of the best definitions of “Fit” I’ve ever seen. According to him, “Fit” comes from a Norse word meaning “to knit together.” In his view as a lifelong athlete and trainer of champions, he felt that it was the best definition and went as far as to define the “fittest” athletes as martial artists, aerialists, dancers, and gymnasts. Why? Because they have a combination of strength, muscular development, stamina, and grace – it all flows together when they compete. There are no jerky movements or imbalances.<\/p>\n\n\n\n
It got me thinking about cyber readiness, or, for the purpose of this article, being a “Cyber Fit” organization.<\/p>\n\n\n\n
I believe the same definition applies. Organizations that have robust cybersecurity programs stand out from their peers. Their program operates such that all the elements are woven together; it just works. However, finding a genuinely Cyber Fit company is becoming increasingly difficult. The landscape of digital assets, as well as privacy and security regulations, has grown over the decades. Companies no longer protect only what’s within their own four walls; they must also deal with a global ecosystem of threats, adversaries, and legislation.<\/p>\n\n\n\n
What tends to happen is that Cybersecurity becomes a patchwork of various tools and processes. Some of these might provide value if they are used appropriately, but in their current state, the program cannot reap the benefits. It’s like being an athlete and having all sorts of muscle imbalances and mobility issues that are preventing optimal performance.<\/p>\n\n\n\n
I believe the answer lies in utilizing Governance. Having a solid Governance program can solidify the effectiveness of Cybersecurity by identifying the gaps in your program and creating awareness and visibility.<\/p>\n\n\n\n
The Governance program will have key performance indicators (KPIs) and key risk indicators (KRIs) that demonstrate how well the program is working \u2013 or not. Some items to include are:<\/p>\n\n\n\n
The above is not a complete list, but it’s one that I have used successfully with organizations to get them started down the Governance path. It\u2019s always amended to the specific needs and risk profile of the company. But the fact that a company uses tools and processes to produce this information puts them several notches above the rest.<\/p>\n\n\n\n
The key is to present these metrics in an executive forum – such as at an Information Security Committee, a Risk Committee, or a Board meeting. This way, everyone can see the program’s strengths and areas for improvement. It also helps set priorities for the security roadmap and budgetary discussions.<\/p>\n\n\n\n
No cybersecurity program is perfect. But it’s only through Governance that you can give your program the best chance of becoming a functionally fit cyber organization, ready to deal with the increasing threats.<\/p>\n","protected":false},"excerpt":{"rendered":"
I was reading a book by a legendary strength coach that had one of the best definitions of “Fit” I’ve ever seen. According to him, “Fit” comes from a Norse word meaning “to knit together.” In his view as a […]<\/p>\n","protected":false},"author":5,"featured_media":11225,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48],"tags":[],"class_list":["post-11621","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-risk-management"],"yoast_head":"\n