
How to Align Your Security Strategy with Your Business Goals
Posted on Tuesday, July 24th, 2018 by Katharina Gerberding

Information Security Business Alignment: 3 Key Elements to Keep in Mind


Aligning your cybersecurity posture with your overall business objectives is essential to protect your business against breaches and intrusions. Security leaders are charged with implementing effective cybersecurity strategies that measurably improve the organization's security posture.


How can you improve your cybersecurity defenses in practical terms? It all starts with understanding, defining and eventually aligning the relationship between your core business functions, IT assets and data.


How Business Functions, IT Assets and Data Work Together

By taking a closer look at how these elements are interrelated, it becomes easier to decide which security controls you should implement for each of them:

  1. Business functions rely on IT assets
  2. IT assets generate data
  3. Data supports business functions


Aligning security strategy with business goals

As an executive, you are responsible for applying security controls to business functions, IT assets and data. You will have to face internal and external risk and rely on best practices to protect your business functions, IT assets and data against breaches, intrusions and theft.

Only when security initiatives are aligned throughout the organization can you strengthen your cybersecurity posture, protect your critical assets and applications against breaches, theft and intrusions, demonstrate that your security initiatives are effective, and maximize your return on investment.


  1. Business Functions

A business function is a process or operation that is performed routinely to carry out a part of the mission of an organization. Examples include R&D, Sales, Marketing, HR, Finance, Purchasing, Manufacturing, etc.

The security controls that protect business functions are typically based on governance, management, policies and planning.

  • Frameworks: These relate to standards from the International Organization for Standardization (ISO), such as ISO 38500 for IT governance, ISO 31000 for risk management and ISO 22301 for business continuity management, as well as COBIT 5.
  • Related Services: Governance, Management Roles & Responsibilities, Business Continuity Planning, Crisis Management Planning, Risk Management Planning


  2. IT Assets

IT assets include all elements of hardware and software used in the course of business activities and in the IT environment. Examples include operational infrastructure, routers, switches, servers and server components, desktops, mobile devices, backup devices etc.

Security controls for IT assets are very different from security controls for business functions. You will have to evaluate whether your IT assets are vulnerable to threats and, if so, to what extent:

  • Frameworks: Here, you can classify weaknesses using the OWASP Top 10 (for web applications) and rate the severity of individual vulnerabilities with CVSS.
  • Related Services: Vulnerability Scans, Penetration Testing, Social Engineering

Also, you will have to implement certain security controls in addition to the vulnerability-related evaluation:

  • Frameworks: Security controls for IT assets relate to standards such as ISO/IEC 20000, the ISO/IEC 27000 series, the CIS Critical Security Controls (formerly the SANS Top 20), PCI DSS, NIST publications, COBIT 5, etc.
  • Related Services: To protect your IT assets, related services include InfoSec Management Systems (policies & processes, procedures & standards, roles & responsibilities), Security Architecture Reviews, Threat Modeling, IT Disaster Recovery Planning, Security Incident Planning, Security Metrics and Dashboards etc.
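The three relationships listed earlier (business functions rely on IT assets, IT assets generate data, data supports business functions) and the CVSS rating mentioned above can be combined into one practical exercise: map the dependencies, then rank vulnerability findings by what the business actually stands to lose rather than by technical severity alone. The following is an added example written for this article; it is not code from the original post or from Hitachi Systems Security. The inventory (function names, asset names such as crm-db-01, criticality ratings) and the scan findings are constructed and hypothetical.

```python
from collections import deque

# Constructed sample inventory for a hypothetical organisation (not real data).
# Criticality is a 1-5 business rating supplied by the function owner.
FUNCTION_CRITICALITY = {"Sales": 5, "Finance": 5, "HR": 3, "R&D": 4}

# 1. Business functions rely on IT assets (asset names are hypothetical)
FUNCTION_TO_ASSETS = {
    "Sales":   {"crm-web-01", "crm-db-01", "edge-fw-01"},
    "Finance": {"erp-app-01", "edge-fw-01"},
    "HR":      {"hris-app-01"},
    "R&D":     {"git-srv-01", "build-01"},
}

# 2. IT assets generate data
ASSET_TO_DATA = {
    "crm-db-01":   {"customer PII", "sales pipeline"},
    "erp-app-01":  {"invoices", "payroll"},
    "hris-app-01": {"employee PII", "payroll"},
    "git-srv-01":  {"source code"},
}

# 3. Data supports business functions, often beyond the function that owns the asset
DATA_TO_FUNCTIONS = {
    "customer PII":   {"Sales"},
    "sales pipeline": {"Sales", "Finance"},
    "invoices":       {"Finance"},
    "payroll":        {"Finance", "HR"},
    "employee PII":   {"HR"},
    "source code":    {"R&D"},
}


def build_graph():
    """Directed graph; an edge u -> v means 'a compromise of u affects v'."""
    edges = {}

    def add(u, v):
        edges.setdefault(u, set()).add(v)

    for fn, assets in FUNCTION_TO_ASSETS.items():
        for asset in assets:
            add(("asset", asset), ("function", fn))
    for asset, data in ASSET_TO_DATA.items():
        for item in data:
            add(("asset", asset), ("data", item))
    for item, fns in DATA_TO_FUNCTIONS.items():
        for fn in fns:
            add(("data", item), ("function", fn))
    return edges


def blast_radius(asset):
    """Breadth-first walk from a compromised asset.

    Returns (data, functions): the data the asset generates and every business
    function that depends on the asset directly or through that data.
    An asset missing from the inventory yields two empty sets.
    """
    edges = build_graph()
    seen, queue = set(), deque([("asset", asset)])
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    data = {name for kind, name in seen if kind == "data"}
    functions = {name for kind, name in seen if kind == "function"}
    return data, functions


def business_impact(asset):
    """Highest criticality among the functions in the asset's blast radius (0 if none)."""
    _, functions = blast_radius(asset)
    return max((FUNCTION_CRITICALITY[fn] for fn in functions), default=0)


def prioritise(findings):
    """findings: iterable of (asset, cvss_base_score).

    Returns rows (asset, cvss, impact, priority) sorted by priority = cvss * impact,
    so a moderate CVSS on a high-impact asset can outrank a critical CVSS on a
    low-impact one. CVSS measures technical severity, not what the business loses.
    """
    rows = []
    for asset, cvss in findings:
        impact = business_impact(asset)
        rows.append((asset, cvss, impact, round(cvss * impact, 1)))
    return sorted(rows, key=lambda r: (r[3], r[1]), reverse=True)


if __name__ == "__main__":
    # Constructed scan findings: (asset, CVSS base score)
    for row in prioritise([("build-01", 9.8), ("hris-app-01", 8.1), ("edge-fw-01", 5.3)]):
        print("%-12s cvss=%-4s impact=%d priority=%s" % row)
```

In the constructed data the HR system hris-app-01 carries a lower CVSS score (8.1) than the build agent (9.8), yet it ranks first: through the payroll data it generates, its compromise reaches Finance, a criticality-5 function, while the build agent only reaches R&D. That indirect path is exactly what relationship 3 (data supports business functions) adds to a plain asset inventory.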


  3. Data

By definition, data is a collection of facts (numbers, words, measurements, observations, etc.) that has been translated into a form that computers can process. In today’s digitalized world, businesses use increasingly large amounts of data to carry out their activities and influence their strategic decision making.

Even with all of the above security controls in place, you still need to protect your data and prepare for data breaches. Organizations should have defined processes in place to monitor their environments continuously and to respond to security incidents when they occur. The work is not over once the controls are implemented: understanding your enterprise information security is one thing; aligning all of your security controls across business functions, IT assets and data, so that you can identify what works and defend what is critical to your business, is better still.


Katharina Gerberding
About author:
Katharina Gerberding is the Marketing Manager, Content Strategy at Hitachi Systems Security in Montreal, Quebec, Canada. In her current role, she is responsible for developing impactful content marketing strategies to strengthen the organization's brand recognition, support sales efforts, and help raise awareness for cybersecurity across the globe. Katharina graduated with a Master's degree in Cross-Cultural Communication and Business Management from Newcastle University, U.K., and obtained a dual Bachelor's degree in Multilingual Communication and Linguistics from Cologne University of Applied Sciences, Germany, and Northumbria University, U.K. Since 2012, she has been a member of the sponsorship committee of the humanitarian mission "Sainte-Justine at the Heart of the World", which facilitates knowledge exchange in pediatric cardiology for children around the world. Katharina is passionate about communications, cross-culturalism and holistic living, and can be found exploring the many restaurants of Montreal in her free time.
