Horizons Spring/Summer 2019

annual penetration testing, technical security reviews after any major change and using the annual risk assessments to prioritize the technical testing efforts.

Compliance

Compliance requirements will continue to grow, become more prescriptive and expand in complexity as different jurisdictions implement new rules. The key to successfully addressing technical compliance requirements is to build a robust security program that addresses compliance and produces the necessary compliance evidence as a by-product of the security program. Recent history is littered with organizations that were in compliance with some standard or rule, but were breached anyway – because compliance was addressed by itself, instead of through an integrated approach as part of their security program.

Prepared organizations will develop checklists and matrixes for compliance so they can assess or audit once and use the results to comply with many requirements. Vigilant organizations will integrate compliance into the security programs and generate the evidence necessary to demonstrate compliance as a by-product of their ongoing security program efforts.

Disaster Recovery Planning & Business Continuity

Ransomware, natural disasters and man-made crises over the past several years have made it clear that reliable backups, disaster recovery plans and business continuity plans are necessary. These plans need to be well designed, implemented properly and then tested and updated on a regular basis. New technology is constantly emerging to make these solutions more flexible, cloud-based or location independent, but they have to be tested before a disaster strikes.

Prepared organizations will ensure critical data is addressed in the disaster recovery and business continuity plans. Vigilant organizations will build on that by regularly testing the plans, verifying backups can be recovered in a timely manner and making sure the plans are updated based on the annual risk assessments.

Trusted Relationships

All businesses are a part of a larger supply chain receiving or providing products and services with business partners, vendors and service providers.

In order to leverage these relationships, establish trust with each other, develop processes to build on that trust and periodically make sure trust is still warranted.

Cyber Security in the Next Decade
