What it means to secure information technology assets has continued to change as technology becomes more integrated into society and as the adversaries that would harm or exploit those systems grow in number. According to the Information Systems Audit and Control Association (ISACA), only “38 percent of global organizations” feel that they could withstand an advanced cyber-attack as of 2015. Ensuring the proper mechanisms are in place to secure your IT environment is crucial to mitigating the abundance of Information Security risks.
Recognizing and mitigating Information Security risks requires a tremendous amount of dedication from the executive members of your organization. Without the ability to leverage executive leadership in applying Information Security practices and policies, organizations will find it extremely difficult to gain traction for the enormous culture change that needs to occur. The private sector remains the most common victim of cyber-attacks: according to the Identity Theft Research Center's 2015 report on data breaches, more than 80 percent of the organizations targeted were non-government entities.
Applying the appropriate level of Information Security practices to an organization of any size will require a change in the culture, which changes how business as usual is performed. To get your workforce to dedicate themselves to adhering to Information Security practices, they must become invested in the process. Engaging your workforce to be fully attentive to security needs requires more than having policies and procedures in place. It is also critical that all employees understand the continuously evolving threats and how those threats directly affect their work, organization and global community.
The Information Security culture at your organization is more critical than any product or service in relation to mitigation efforts, and without it all other efforts will remain undermined.
For more information on how to create a culture filled with Information Security practices for an organization of any size, visit ISACA and the United States Computer Emergency Readiness Team.
Michael Lovett is a proven Information Security professional who holds a range of information security experience and subject matter knowledge. He has successfully assisted Fortune 500 companies in developing, maturing and continually assessing their information security programs using leading industry practices. Michael has over five years of experience with the federal government, including the United States Department of Homeland Security and the United States Air Force. His corporate experience has been with leading consulting firms such as Booz Allen Hamilton and KPMG, where he focused on cyber-related solutions for clients. Additionally, Michael is a Certified Information Systems Security Professional, Certified Security Analyst, and a Certified Ethical Hacker with a Bachelor of Arts in Homeland Security and Emergency Management from Savannah State University.