We’re all well aware of the information sharing that takes place between the public and private sectors thanks to the various Information Sharing and Analysis Centers. While the benefits of such resources are abundantly clear, many enterprises fail to recognize how the notion of information sharing should be a critical part of their approach to security.
Traditional defense-in-depth focuses on external threats posed to a company, but it should not be the only tactic employed by the security and risk department. By focusing on the activity within the organization – understanding what employees, strategic business partners, and third-party vendors are doing within the ecosystem and how they interact with high-value assets – security practitioners are taking the right angle on cyber risk visibility.
This inside-out approach to security allows the security and risk organization to keep its focus on the assets within the company that would have the biggest impact on the organization if they were compromised. But to get a complete understanding of those assets, security practitioners cannot rely solely on the security systems in place. While those systems may paint 80 percent of the picture, the remaining information must be supplied by those closest to the assets – line-of-business and application owners.
Since these systems and applications are owned by these individuals, they have a clear understanding of what crown jewels may reside in them, as well as which users have access to them.
By enabling continuous collaboration between the security and risk organization and line-of-business and application owners in an automated fashion, the CISO can understand the cyber value at risk – the key step toward effectively managing the company’s cyber risk.
But this can only be identified through internal information sharing and collaboration with key business stakeholders, specifically line-of-business and application owners.
Not only does this provide a complete picture of the cyber value at risk, but it also leads to prioritized incident response, which allows the security and risk department to manage and measurably reduce cyber risk across the organization.
To close the information loop on security, a CISO must enable continuous information sharing within the organization to effectively decentralize cyber risk, and make cyber security a business problem, not one perceived as solely an IT issue.