The world of cybersecurity and cybercrime is rapidly evolving and a new vocabulary is developing to match. A relatively new addition to the cyber-lexicon is the concept of a ‘security posture’ or ‘cybersecurity posture.’ What does this refer to?
The cybersecurity posture of an organisation refers to its overall cybersecurity strength. This expresses the relative security of your IT estate, particularly as it relates to the internet and its vulnerability to outside threats.
Hardware and software, and how they are managed through policies, procedures or controls, are each part of cybersecurity and can be discussed individually. To understand the likelihood of a breach, however, a more holistic approach must be taken and an understanding of the cybersecurity posture developed. This includes not only the state of the IT infrastructure, but also the state of practices, processes, and human behaviours. These are harder to measure, but can be reliably inferred from observation.
When managing cybersecurity for an organization, directors and officers must make decisions based on deliberation and a sound appreciation of the organization's overall cybersecurity posture. Understanding individual aspects of your cybersecurity approach is not enough. A holistic approach that quantifies risk and considers the interaction of physical, virtual, and human factors can add great value.
- Take a holistic approach to controls to help determine breach likelihood, rather than reacting to transient factors that don’t accurately reflect risk.
- Investigate and control where risk is introduced through suppliers or partners, particularly when they have access to your systems or data.
- Determine your risk appetite and establish which risks you will accept, which you will mitigate, and where you can transfer risk to an insurer.
- Benchmark your cybersecurity posture against others in your industry, and see whether you are likely to be the first choice for attackers.
- Prioritize investments with a more informed point of view on both absolute and relative risks.
Posted by Sarah Rutherford
Source: FICO Blog