9 Ways to Approach IT Security
Advice for Government Leaders
"The wrong approach could foster isolation, the prospect of cyber-protectionism and an inadequate balance between security and civil liberties," Greg Pellegrino, Deloitte Touche Tohmatsu global public sector industry leader, said in a statement unveiling the accounting and consulting firm's report, Cybersecurity: Everybody's Imperative: Protecting Our Economies, Governments and Citizens.
In the report, Deloitte advisors recommend nine approaches governments should take toward information security:
- Be vigilant about the threats that make cybersecurity necessary - but don't lose sight of the positives that good cybersecurity can enable.
- Identify and catalog critical infrastructures that are vulnerable to cyber compromises.
- Approach cybersecurity as the ongoing management of a continuous risk, not as a safeguard against specific future attacks.
- Don't think of cybersecurity as merely protecting digital assets. The digital domain influences almost every other part of life - so cybersecurity is ultimately about protecting everything of value.
- Remember that cybersecurity cannot be achieved through technology alone. It requires a cultural understanding and a widespread willingness to exhibit secure behaviors.
- Recognize the central role of the private sector in both creating and using cyber assets. Treat cybersecurity as a public-private partnership, not a top-down mandate.
- Plan for resiliency - the ability to react and recover when cybersecurity is compromised despite protective efforts.
- Treat cybersecurity the way you treat customs, food imports and immigration - make access to your market contingent upon adherence to safety standards you determine.
- Identify key assets and likely threats, then focus security resources accordingly. If you call everything critical, nothing actually is.