Over the past few decades, cybersecurity has
gained pivotal importance in the way businesses
operate and survive in their value systems.
Exponential growth in the number of users and
devices connected to the Internet has led to an
unprecedented expansion in the attack surface
available to perpetrators in the world
of cybercrime.
While attack vectors get more and more
sophisticated, enterprises across the globe are
confronted with a challenge to address their
security concerns in an effective, yet cost-efficient
way. Information security is possibly one of the
most vibrant areas in the IT sector, in which
technical innovation constantly paves the way to
defeat emerging threats. This is not surprising,
as the threat landscape itself is constantly
evolving and it demands a constant revival of
defense tactics.
Technology, however, is just one facet of
defense strategy for any enterprise. A holistic
view on people, process and technology is
required in any organization to make the
defense strategy successful. Ironically, the sheer
size, complexity and geopolitical diversity of
a modern-day enterprise acts as an inherent
obstacle for its pursuit to achieve business
objectives in a secured environment.
This article explores these challenges, analyzes
common frameworks available to manage
these challenges and deliberates on evolving
possibilities that may give chief executive officers
(CEOs) the agility required to cope with the
cyberthreat landscape.
UNDERSTANDING THE CORE OF THE PROBLEM
One might wonder if the information security
industry really understands the problem that
security professionals are trying to solve. At the
crux of the issue lies the paradigm of threat,
vulnerabilities and value at stake for a business.
An area for improvement is to solve the problem
at its source.
The source of the problem is not threats
themselves, but threat agents. The term “threat
agent,” from the Open Web Application Security
Project (OWASP), is used to indicate an
individual or group that can manifest a threat.
So, who are these individuals or groups of
individuals at the source of the problem?
Seemant Sehgal, CISA,
CISM, BS7799 LI, CCNA,
CEH, CI W Security Analyst,
SABSA, heads the security
assessment services
department at ING Bank, The
Netherlands. He has engaged
with organizations such
as Capital One Bank, IBM,
COMODO Security Solutions
and Cisco Systems in
various domains of
information security.
Effective Cyberthreat Management
Evolution and Beyond
Do you have
something
to say about
this article?
Visit the Journal
pages of the ISACA
web site ( www.isaca.
org/journal), find the
article, and choose
the Comments tab to
share your thoughts.
Go directly to the article:
Figure 1—World Economic Forum Cyber Risk Framework
Source: World Economic Forum, www.weforum.org/. Reprinted with permission.
Threats Vulnerabilities Values at Risk Responses
Corporate
Espionage
Hacktivism
Policies
Regulations
Governance
Information Sharing
Mutual Aid
Coordinated Action
Risk Markets
Embedded Security
Pro
ce
ss
es
A
cci
de
ntal
Poor
Pra
ctic
e
Te
c
hnolo
g
y
Tradi
tio
nal
Comm
u
ni
ty
Sy
s
t
emic
Criminal
Government-
driven