Should Your Organization Get Cyber Security Certified?
Cyber security is top of mind for many organizations, and there is a lot of discussion and marketing around a wide range of cyber security certifications. A number of organizations question the benefits of getting certified. The point is not the certification itself; what matters is the process of operationalizing security within your organization.
The process of certification against a security standard will help your staff migrate from ad-hoc security activities to holistic and ongoing operational practices. The certification makes these practices visible both inside and outside the organization.
Internally, certification keeps security operations and practices top of mind for all staff, not just the IT team. Security is the responsibility of the entire organization. The process of getting certified enforces good practices and reduces risks by:
Externally, a cyber security certification communicates to your customers, suppliers, and entire business ecosystem that you take cyber security seriously. Many organizations have started to require minimum security operations benchmarks as part of their business contracts. This trend is expanding, so more businesses will follow suit.
The next question that is often asked is: which certification framework should my business use? Since a cyber security certification is not a one-and-done exercise, the key is to pick one that fits your business operations, scale, and sector. Most of the certifications are based on the same guiding principles of cyber security, so it is important to pick one that is expected and respected in your business sector. There are many to choose from, but to name a few:
In hockey, or any sport really, a good defenseman is never standing still; they are always reacting to the play around them. Cyber security is the same: if you are standing still, the hackers are going to blow right by you and breach your organization’s systems. Cyber security certifications can help you operationalize security, so you keep your (cyber security) feet moving.
Data Perceptions provides a range of cyber security consulting services including security assessments. We can provide assessments against a range of security frameworks including ISO, NIST, and CSC. In recent assessments, we have seen a common issue around secure device configuration. This security control is a constant across all security frameworks. Secure device configuration is more about process than technology. Organizations need to have a deployment process for:
It is also recommended that there be a process to regularly review and monitor the devices to keep the passwords, settings, patches, and security features up to date. Devices would include workstations, servers, IoT devices, mobile devices, network equipment, and printers – anything attached to the network.
A regular process is also required to remove accounts that are no longer needed, such as guest accounts, accounts of departed employees or contractors, and test or temporary accounts.
These tactics reduce the level of inherent vulnerabilities and make a hacker’s job more difficult.
Data Perceptions is here to help guide you through the certification process. Our cyber security consulting team specializes in helping our clients develop holistic cyber security operational practices that align with your chosen cyber security framework and business operations. Data Perceptions was the first organization to be certified under the new CyberSecure Canada (CSC) framework.