Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Information Security Handbook

You're reading from   Information Security Handbook Enhance your proficiency in information security program development

Arrow left icon
Product type Paperback
Published in Oct 2023
Publisher Packt
ISBN-13 9781837632701
Length 370 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Darren Death Darren Death
Author Profile Icon Darren Death
Darren Death
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Chapter 1: Information and Data Security Fundamentals 2. Chapter 2: Defining the Threat Landscape FREE CHAPTER 3. Chapter 3: Laying a Foundation for Information and Data Security 4. Chapter 4: Information Security Risk Management 5. Chapter 5: Developing Your Information and Data Security Plan 6. Chapter 6: Continuous Testing and Monitoring 7. Chapter 7: Business Continuity/Disaster Recovery Planning 8. Chapter 8: Incident Response Planning 9. Chapter 9: Developing a Security Operations Center 10. Chapter 10: Developing an Information Security Architecture Program 11. Chapter 11: Cloud Security Considerations 12. Chapter 12: Zero Trust Architecture in Information Security 13. Chapter 13: Third-Party and Supply Chain Security 14. Index 15. Other Books You May Enjoy

Understanding the organizational context

To effectively protect an organization from potential threats, information security professionals must understand what is important to the organization beyond its information technology. To begin this process, information security professionals should examine the organization’s mission and vision statements to understand what the organization does and who its customers are. Understanding this information can help identify the business-critical processes of the organization’s operations and the technology assets that support them. For example, a hospital’s business-critical processes may include medical records on an external internet-facing technology asset. In contrast, a financial institution’s business-critical process may consist of customer financial data on an internally facing technology asset.

To take this understanding a step further, information security professionals must also work with all levels of management within the organization. This type of engagement involves reaching out to mission-driven parts of the organization to understand how they apply their mission and vision to their day-to-day work. Through this engagement, information security professionals can identify sensitive information, trade secrets, intellectual property, and business processes to understand the potential impact on the organization if this information were to be provided to a competitor, altered, or destroyed. By focusing on business processes and important data within those functions, information security professionals can establish mission-focused relationships within the organization and find allies who share their concerns.

When the highly sensitive processes and information the organization needs to operate have been identified, information security professionals can analyze this information regarding compliance requirements and the organization’s threats. This analysis must consider the organization’s specific context. Organizations may have vastly different responses to securing information systems depending on their industry, the types of information they are trying to protect, and the threats they face.

Understanding what is essential for the successful business operations of an organization, as well as establishing mission-focused relationships with the organization’s various mission units, is critical for information security professionals to protect the organization from potential threats effectively. Gathering this information requires focusing on business functions, the essential data within those functions, and a contextual understanding of the organization’s specific industry and compliance requirements.

Once the critical business processes and data have been identified, the next step is to evaluate the potential impact of a security breach on each technology asset that supports these business processes. This includes considering a successful attack’s financial, reputational, and operational consequences on an organization. For example, a data breach that results in the loss of customer financial information could result in a significant financial loss and damage to the organization’s reputation. Cybersecurity threats can significantly impact an organization’s business operations and reputation. Understanding how these threats can impact the organization from a business perspective is crucial to prioritizing and allocating resources to address them adequately.

One of the most obvious impacts of a cybersecurity breach is financial losses. A breach can result in stolen funds, lost revenue, and legal fees associated with remediation efforts. For example, suppose customer credit card data is compromised in a data breach. In that case, the organization may be liable for fraudulent charges made with those cards, which can result in significant financial losses. Another potential impact of a cybersecurity breach is damage to the organization’s reputation. A breach can erode customer trust and confidence in the organization, leading to decreased sales and difficulty attracting new customers. In some cases, a breach can result in legal action or regulatory fines, further damaging the organization’s reputation.

In addition to financial losses and damage to reputation, a cybersecurity breach can also impact an organization’s ability to carry out its business operations. A breach can result in systems downtime or data loss, disrupting normal business processes and resulting in lost productivity. A breach can have a ripple effect throughout the organization and impact multiple areas, such as supply chain management, customer service, and marketing.

Once the organizational context has been determined, it is essential to integrate cybersecurity with business operations. Alignment involves ensuring that cybersecurity measures align with the organization’s goals and objectives and do not disrupt business processes. One of the key ways to integrate cybersecurity with business operations is to involve key stakeholders in the process. This engagement includes business leaders, IT professionals, and cybersecurity professionals. By involving key stakeholders in the process, it is possible to ensure that cybersecurity measures are designed with the organization’s goals and objectives in mind and integrated into existing business processes.

You have been reading a chapter from
Information Security Handbook - Second Edition
Published in: Oct 2023
Publisher: Packt
ISBN-13: 9781837632701
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime