Fundamentally, our society is more technology-reliant than ever, making cybersecurity one of the most relevant and necessary discussion topics of our time. In the modern world, cybersecurity is no longer an IT discussion; it is a discussion in risk management. As a trusted advisor, the function of Integrated Solutions is to support our clients in assessing their current security position, evaluating the greatest area of risk and facilitating remediation steps to offset risk.
Cybersecurity is a broad and complex subject matter. In order to bridge the communication gap to improve understanding and reduce complexity, there must be a common language – that language exists in the form of a security framework.
While there are many security frameworks available and no single mitigation strategy is guaranteed, the cybersecurity framework (common language) that Integrated Solutions has chosen is based on the National Institute of Standards and Technology (NIST) but also incorporates the Australian language in the form of The Essential Eight. NIST’s approach has been chosen for its comprehensiveness in covering a wide range of business governance.
The threat medium is constantly changing, and the level of sophistication is increasing; therefore, the risk assessment exercise must be an ongoing investment. As businesses begin to assess and implement the framework, their own level of sophistication may change. The frequency of the exercise and/or investment is unique to each business, subject to its risk profile and tolerances.
Initial consultation to define and understand the risk profile unique to each business
Undertake the risk assessment exercise, measure the area(s) of risk, evaluate potential remediation options
a. Accept the solution: create an action plan for remediation
b. Accept the risks: sign off
Create a roadmap for continuous improvement