Pub. 17-2022-2023-Issue 2

TECH TALK

Changing Your View of Cybersecurity

Jon Waldman, CISA, CRISC
Executive Vice President, Information Security — SBS CyberSecurity

We often hear that technology, and especially information security, is regarded solely as an expense to your institution’s bottom line, but it’s high time we change that perspective. The reality of today’s business world is that nearly all organizations of any scale in every industry rely so heavily on technology that without it, they’d largely be unable to do business long-term. If you rely on technology and the internet to perform your day-to-day operations and serve your customers, consider yourself a technology company.

Here are three ways that tech companies think differently about their organization and security:

1. They understand the risk.
2. They test their people, processes, and technology.
3. Their cybersecurity program starts at the top.

Understand the Risk

Being able to truly mitigate your risk starts with how well you can understand and quantify risk. If you perform a risk assessment and your results only state that you have “low” risk, how do you know that’s right? How do you know what you need to do next? The primary job of a risk assessment is to help you make decisions. When it comes to IT or cybersecurity risk assessment, the output should provide you with a clear understanding of what you have and how important that stuff is, how risky your stuff is, and where you should spend your next information security dollar to mitigate additional risk. Don’t just perform a risk assessment to check the box; really know and understand your risk so you can secure your organization more effectively.

Test People, Process, and Technology

There are three ways to protect your information: people, processes, and technology. Your organization must implement risk-mitigating controls to protect your networks and customer information from those three categories. In turn, you must test the effectiveness of those controls so that you are confident they are in place and working correctly. Testing your people involves social engineering assessments (phishing emails, physical impersonation, phone impersonation, dumpster diving, etc.). Testing your processes involves an external IT audit. And testing your technology typically involves technical scans around the inside (vulnerability assessment) and outside (penetration test) of your network.

NEBANKERS.ORG
