Hitachi Group Global Network




Middle East and Africa



[Infographic] How to Determine Your Cybersecurity Posture
You are here: Home \ CISO \ [Infographic] How to Determine Your Cybersecurity Posture
Posted on Tuesday, July 10th, 2018 by

6 Steps to Define your Security Posture


Defining your cybersecurity posture is essential to protecting your business against breaches and intrusions. To find out how mature you are in terms of cybersecurity, what gaps you may have to fix, and where you should prioritize your efforts, you have to undertake a variety of steps.

How can you strengthen your cybersecurity defenses in practical terms? It all starts with looking at the status quo and defining your current posture.

Following the 6 simple steps listed below can help guide you in defining your security posture from a high-level perspective.


Defining Cybersecurity Posture


  1. Figure out what’s critical to your business

Businesses are as different as people, and all have different things to protect. Take a close look at what really matters for your business and how it aligns with your overall business objectives and functions.

  • intellectual property
  • financial data
  • patient information
  • critical business functions etc.

Bottom line: If you don’t know what you are dealing with, you won’t be able to protect it.


  1. Prioritize what you need to protect

Not all assets are created equal. Make sure that your most critical assets are identified and protected adequately.

You should prioritize securing important assets, but may not need to implement complex cybersecurity measures for less important assets. It will all depend on what you identify as important to continuing to run your business successfully and with minimal disruption.


  1. Determine your risk appetite

Depending on their strategic objectives, businesses are willing to take different amounts of risk.

Figure out how much risk you’re willing to take to reach your goals, and where you should be rather conservative. Remember to review your risk appetite as your strategy changes and adjust it if needed.


  1. Implement a cybersecurity framework

Now that you’ve defined your critical assets and risk appetite, it’s time to put in place a cybersecurity framework to:

  • align your cybersecurity initiatives across the organization,
  • improve your security and infrastructure resilience, and
  • make sure that your cybersecurity risk management processes deliver measurable value.

A cybersecurity framework includes policies, processes, standards and guidelines. Have a close look at your business context and security requirements before deciding which cybersecurity framework makes most sense to follow.


  1. Asses if your cybersecurity controls are mature enough

Do you have cybersecurity safeguards and controls in place, e.g. the CIS 20 Critical Security Controls or ISO27001?

  • Yes: you need to find out how mature these controls are, if there are gaps in your controls and what you need to do to address these gaps.
  • No: you need to find out which controls are useful to implement for your business, and how you can do so.

Assessing the maturity of your cybersecurity controls is essential to not only critical to protect your business, but also to maximize your ROI and legitimize your security spending for upcoming years.


  1. Find out if you’re exposed to threats & vulnerabilities

You can only have a good cybersecurity posture if you manage your threats and vulnerabilities proactively and effectively. Some of today’s most common cyberthreats include:

  • Ransomware
  • DoS/DDoS attacks
  • Social engineering
  • Malware
  • SPAM
  • Data leakage/insider theft

You’ll need to find out if and to what extent your critical data and functions are exposed on the internet and exposed to attacks, then implement suitable security measures to protect your business from becoming a victim.

Cybersecurity Posture Assessment Checklist

Katharina Gerberding
About author:
Katharina Gerberding is the Marketing Manager, Content Strategy at Hitachi Systems Security in Montreal, Quebec, Canada. In her current role, she is responsible for developing impactful content marketing strategies to strengthen the organization’s brand recognition, support sales efforts, and help raise awareness for cybersecurity across the globe. Katharina graduated with a Master’s degree in Cross-Cultural Communication and Business Management from Newcastle University, U.K., and obtained a dual Bachelor’s degree in Multilingual Communication and Linguistics from Cologne University of Applied Sciences, Germany, and Northumbria University, U.K. Since 2012, she is member of the sponsorship committee of the humanitarian mission “Sainte-Justine at the Heart of the World”, which facilitates knowledge exchange in pediatric cardiology for children around the world. Katharina is passionate about communications, cross-culturalism and holistic living, and can be found exploring the many restaurants of Montreal in her free time.

Latest Webinars | Watch Now

Cybersecurity, Cyber Crime and Your Business — How to Strengthen Your Cybersecurity Posture – In collaboration with Cytelligence

Watch Now

Cybersecurity 101 for Credit Unions – In collaboration with the Caribbean Confederation of Credit Unions (CCCU)

Watch Now

Introduction to Technical Security Testing for Credit Unions – In collaboration with the Caribbean Confederation of Credit Unions (CCCU)

Watch Now