Our CISO-360 CyberRisk Control intervention and diagnosis plan enables organizational managers to take control of cybersecurity risk management. In the previous article, I discussed the “identify” function, which lets you build an inventory of your assets and assess their criticality and vulnerabilities. In this article, I discuss the “protect” function, the logical next step of a cybersecurity program.
The “protect” function covers all measures aimed at preventing a cyberattack and limiting its impact. A good understanding of your data, and of the criticality of your sensitive systems, guides the choice of protection strategy to put in place. Several means of protection must be considered:
• Access control: Limiting access to data and systems according to roles, and to the privileges each role actually needs (least privilege), is one of the first controls to implement. Too often we see organizations granting employees access to critical or personal data that their duties do not require.
• Zone segmentation: A second control limits the impact of a successful attack, for example by logically segmenting information systems into zones. An attacker who compromises one segment then has only a limited reach into the rest of the organization.
• Information protection processes and procedures: Security policies and procedures should be put in place. They make it possible to monitor and measure how well the organization’s assets and information systems are protected.
• Maintenance: Keeping systems up to date (patching and upgrading) remains essential, both to close known vulnerabilities and to benefit from recent control measures.
• Protective technology: Automated tools can be used to enforce and continuously monitor the security of systems.
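As an added illustration of the access-control item above (example code written for this article, not Eficio’s diagnostic tooling), the following Python shows a deny-by-default, role-based policy with data sensitivity labels, plus a small audit that lists every grant not backed by a documented business need. The roles, resources, classifications and the “approved need” table are constructed for the example and do not describe any real organization.

```python
"""Deny-by-default role-based access control with data sensitivity labels.

Added example, not part of the original article or of Eficio's tooling.
All roles, resources and classifications below are constructed for
illustration only.
"""
from dataclasses import dataclass
from enum import Enum


class Sensitivity(Enum):
    PUBLIC = 1
    INTERNAL = 2
    PERSONAL = 3   # personal information (the kind Law 25 is concerned with)
    CRITICAL = 4   # business-critical data (e.g. the general ledger)


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: Sensitivity


# Constructed inventory of resources and their classification
# (this is the kind of information the "identify" function produces).
RESOURCES = {
    "wiki": Resource("wiki", Sensitivity.PUBLIC),
    "ledger": Resource("ledger", Sensitivity.CRITICAL),
    "payroll": Resource("payroll", Sensitivity.PERSONAL),
    "employee_records": Resource("employee_records", Sensitivity.PERSONAL),
}

# Constructed policy: role -> {resource: set of allowed actions}.
# Anything not listed here is denied; there is no "default allow" path.
POLICY = {
    "accountant": {"ledger": {"read", "write"}, "payroll": {"read"}},
    "hr": {"payroll": {"read", "write"}, "employee_records": {"read", "write"}},
    "intern": {"wiki": {"read"}},
}

# Constructed "business need" table, as approved by each data owner.
# The accountant role has an approved need for the ledger only; its
# payroll read access in POLICY is exactly the kind of non-essential
# access to personal data the article warns about.
EXAMPLE_NEED = {
    "accountant": {"ledger": {"read", "write"}},
    "hr": {"payroll": {"read", "write"}, "employee_records": {"read", "write"}},
    "intern": {"wiki": {"read"}},
}


def is_allowed(role: str, resource: str, action: str) -> bool:
    """Return True only if an explicit grant exists for (role, resource, action).

    Unknown roles, unknown resources and unlisted actions all fall through
    to the deny default.
    """
    if resource not in RESOURCES:
        return False
    return action in POLICY.get(role, {}).get(resource, set())


def excess_grants(business_need):
    """Audit POLICY against the documented business need.

    Returns a list of (role, resource, action, sensitivity) tuples for every
    grant that has no approved need, with the most sensitive data first, so a
    manager can review the worst excess access before the rest.
    """
    findings = []
    for role, grants in POLICY.items():
        for resource, actions in grants.items():
            approved = business_need.get(role, {}).get(resource, set())
            for action in sorted(actions - approved):
                findings.append(
                    (role, resource, action, RESOURCES[resource].sensitivity)
                )
    findings.sort(key=lambda f: f[3].value, reverse=True)
    return findings


if __name__ == "__main__":
    print("accountant write ledger:", is_allowed("accountant", "ledger", "write"))
    print("intern read payroll:   ", is_allowed("intern", "payroll", "read"))
    for role, resource, action, level in excess_grants(EXAMPLE_NEED):
        print(f"excess: {role} may {action} {resource} ({level.name})")
```

The audit function is the part worth keeping: a policy that is deny-by-default only stays that way if someone periodically compares the grants that exist against the grants that are justified, and reviews the findings on the most sensitive data first.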
With the adoption of new laws on the protection of personal information, such as Law 25 in Quebec, data protection is no longer optional; it is an obligation.
The finance manager understands the value of financial data very well and makes sure that access to it is limited. Financial controls include methodologies and processes to validate the source and accuracy of data. In a cybersecurity context, the “protect” function applies that same discipline across the whole organization.
Eficio’s executive resources, who perform the CISO-360 Cyber Risk Control diagnostic, can identify the maturity and the risks of your organization. Their cybersecurity expertise and executive experience are significant assets for you.
If you want to react to this article or obtain more information, do not hesitate to contact Eficio.