Your cybersecurity risk may depend on the industry you are in and the size and location of your company. The more employees you have, the more locations, the more complexity and the more personal identifiable data your company maintains. the greater risk of a cybersecurity attack. To determine your company’s risk, you should evaluate the following:
- If there is a governance model in place for making security decisions?
- Does the Information Technology department having the right people with the right skills to both proactively prevent attacks and react if an attack occurs?
- Are the departments aware of security requirements for selecting appropriate technologies?
- Is there a level of process and program management throughout the company to ensure adherence to security procedures for new implementations?
- Are employees aware of both facility and IT security controls?
- Is there a training programs in place for continued employee security education?
- Does the organization have a sound escalation and response process in place if a security breach occurs?
Evaluating your security risk is the first step in minimizing the impact of a cybersecurity attack.
Don Cornish is the Chief Information Security Officer for Dewpoint. He has an extensive background in IT security architecture and consulting based on his experience for a leading national and global organization. Don has security and compliance consulting experience addressing multinational business entities as well as the small to medium business segments. In addition, he is a Certified Information Systems Security Professional (CISSP).