Investing time and money into security measures is crucial, according to cybersecurity expert Joshua Goldfarb. Goldfarb stated that skipping steps like formalizing policy, understanding regulations, and nurturing relationships can end up costing businesses more in the long run. He also listed 10 areas that security teams should prioritize for a more effective and secure enterprise.
Formalizing policy is one of the most important steps to take, as it sets the rules for the organization’s security. This can help the security team answer questions about what is and isn’t allowed. While policy may not be exciting, it is necessary.
Understanding regulations is also crucial, as the risk of fines and other complications is high for noncompliance. It’s important for businesses to understand the regulations that apply to them globally, even though it’s a cumbersome task.
Staying the course is essential for a successful security program. To mitigate risk and meet objectives, strategic initiatives must be planned and implemented. Tactical distractions often interfere with these initiatives and can lower the security posture of the enterprise.
Nurturing relationships with key stakeholders in the business is crucial for security leaders. Building and nurturing these relationships takes time, but they are the partners who will help improve the state of security in an organization.
Architecting for the future is also important to prepare for different possibilities that may arise. If solutions aren’t architected for the future, this can result in wasted time and money when organizations need to re-engineer or scrap solutions.
Resisting the quick fix may be tempting, but putting a band-aid solution in place can be more time-consuming in the long run than getting it right the first time. Properly training staff and creating proper documentation are also important areas to invest time and money.
Capturing lessons learned in a way that they can be leveraged in the future takes effort, but it pays dividends. By learning from the past, security organizations can improve over time.
Finally, applying lessons learned can directly mitigate risk. By understanding mistakes that were made and learning from them, organizations can improve their overall security posture.
Investing time and money into these areas may seem daunting, but it is necessary to create a more effective and secure enterprise. It’s better to learn from others’ mistakes than to repeat them, and Goldfarb’s expertise in this area can help businesses do just that.