TRENDING:

9 Ways to Approach IT Security

Advice for Government Leaders Eric Chabrow (GovInfoSecurity) • May 12, 2009    
9 Ways to Approach IT Security
Creating a positive cyber culture that includes cooperation among countries, building partnerships with business and educating employees and users are key elements in building effective government information security programs, a new report concludes.

"The wrong approach could foster isolation, the prospect of cyber-protectionism and an inadequate balance between security and civil liberties," Greg Pellegrino, Deloitte Touch Tohmatsu global public sector industry leader, said in a statement unveiling the accounting and consulting firm's report, Cybersecurity: Everybody's Imperative: Protecting Our Economies, Governments and Citizens.

In the report, Deloitte advisors recommend nine approaches governments should take toward information security:

  1. Be vigilant about the threats that make cybersecurity necessary - but don't lose sight of the positives that good cybersecurity can enable.

  2. Identify and catalog critical infrastructures that are vulnerable to cyber compromises.

  3. Approach cybersecurity as the ongoing management of a continuous risk, not as a safeguard against specific future attacks.

  4. Don't think of cybersecurity as merely protecting digital assets. The digital domain influences almost every other part of life - so cybersecurity is ultimately about protecting everything of value.

  5. Remember that cybersecurity cannot be achieved through technology alone. It requires a cultural understanding and a widespread willingness to exhibit secure behaviors.

  6. Recognize the central role of the private sector in both creating and using cyber assets. Treat cybersecurity as a public-private partnership, not a top-down mandate.

  7. Plan for resiliency - the ability to react and recover when cybersecurity is compromised despite protective efforts.

  8. Treat cybersecurity the way you treat customs, food imports and immigration - make access to your market contingent upon adherence to safety standards you determine.

  9. Identify key assets and likely threats, then focus security resources accordingly. If you call everything critical, nothing actually is.
"Governments should treat cybersecurity - and the changes in habits and lifestyle that go with it - as whens, not ifs,'" Pellegrino said. "There's no question that we need to live with this. There's no way back."
Previous
WHO: Up to 2 Billion May Get H1N1 Virus
Next
Feds Budget $75.83 Billion for IT

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Why Banks Find It Hard to Tackle Authorized Fraud
Why Banks Find It Hard to Tackle Authorized Fraud
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
How Cyberattacks Affect CISOs
How Cyberattacks Affect CISOs
Healthcare CISO Group Focuses on Third-Party Risk Challenges
Healthcare CISO Group Focuses on Third-Party Risk Challenges
Why Is Meta Choosing to Settle Over Cambridge Analytica?
Why Is Meta Choosing to Settle Over Cambridge Analytica?
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Securing the SaaS Layer
Securing the SaaS Layer

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.