9 Ways to Approach IT Security

Advice for Government Leaders
Creating a positive cyber culture that includes cooperation among countries, building partnerships with business and educating employees and users are key elements in building effective government information security programs, a new report concludes.

"The wrong approach could foster isolation, the prospect of cyber-protectionism and an inadequate balance between security and civil liberties," Greg Pellegrino, Deloitte Touche Tohmatsu global public sector industry leader, said in a statement unveiling the accounting and consulting firm's report, Cybersecurity: Everybody's Imperative: Protecting Our Economies, Governments and Citizens.

In the report, Deloitte advisors recommend nine approaches governments should take toward information security:

  1. Be vigilant about the threats that make cybersecurity necessary - but don't lose sight of the positives that good cybersecurity can enable.

  2. Identify and catalog critical infrastructures that are vulnerable to cyber compromises.

  3. Approach cybersecurity as the ongoing management of a continuous risk, not as a safeguard against specific future attacks.

  4. Don't think of cybersecurity as merely protecting digital assets. The digital domain influences almost every other part of life - so cybersecurity is ultimately about protecting everything of value.

  5. Remember that cybersecurity cannot be achieved through technology alone. It requires a cultural understanding and a widespread willingness to exhibit secure behaviors.

  6. Recognize the central role of the private sector in both creating and using cyber assets. Treat cybersecurity as a public-private partnership, not a top-down mandate.

  7. Plan for resiliency - the ability to react and recover when cybersecurity is compromised despite protective efforts.

  8. Treat cybersecurity the way you treat customs, food imports and immigration - make access to your market contingent upon adherence to safety standards you determine.

  9. Identify key assets and likely threats, then focus security resources accordingly. If you call everything critical, nothing actually is.

"Governments should treat cybersecurity - and the changes in habits and lifestyle that go with it - as whens, not ifs," Pellegrino said. "There's no question that we need to live with this. There's no way back."

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
