TRENDING:

9 Ways to Approach IT Security

Advice for Government Leaders Eric Chabrow (GovInfoSecurity) • May 12, 2009    
9 Ways to Approach IT Security
Creating a positive cyber culture that includes cooperation among countries, building partnerships with business and educating employees and users are key elements in building effective government information security programs, a new report concludes.

"The wrong approach could foster isolation, the prospect of cyber-protectionism and an inadequate balance between security and civil liberties," Greg Pellegrino, Deloitte Touch Tohmatsu global public sector industry leader, said in a statement unveiling the accounting and consulting firm's report, Cybersecurity: Everybody's Imperative: Protecting Our Economies, Governments and Citizens.

In the report, Deloitte advisors recommend nine approaches governments should take toward information security:

  1. Be vigilant about the threats that make cybersecurity necessary - but don't lose sight of the positives that good cybersecurity can enable.

  2. Identify and catalog critical infrastructures that are vulnerable to cyber compromises.

  3. Approach cybersecurity as the ongoing management of a continuous risk, not as a safeguard against specific future attacks.

  4. Don't think of cybersecurity as merely protecting digital assets. The digital domain influences almost every other part of life - so cybersecurity is ultimately about protecting everything of value.

  5. Remember that cybersecurity cannot be achieved through technology alone. It requires a cultural understanding and a widespread willingness to exhibit secure behaviors.

  6. Recognize the central role of the private sector in both creating and using cyber assets. Treat cybersecurity as a public-private partnership, not a top-down mandate.

  7. Plan for resiliency - the ability to react and recover when cybersecurity is compromised despite protective efforts.

  8. Treat cybersecurity the way you treat customs, food imports and immigration - make access to your market contingent upon adherence to safety standards you determine.

  9. Identify key assets and likely threats, then focus security resources accordingly. If you call everything critical, nothing actually is.
"Governments should treat cybersecurity - and the changes in habits and lifestyle that go with it - as whens, not ifs,'" Pellegrino said. "There's no question that we need to live with this. There's no way back."
Previous
WHO: Up to 2 Billion May Get H1N1 Virus
Next
Feds Budget $75.83 Billion for IT

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Okta's Marc Rogers on Why Beating Ransomware Is a Team Sport
Okta's Marc Rogers on Why Beating Ransomware Is a Team Sport
Whatever Happened to Russia's Cyber War Against Ukraine?
Whatever Happened to Russia's Cyber War Against Ukraine?
Arctic Wolf's Dan Schiappa on Cloud Security in a Recession
Arctic Wolf's Dan Schiappa on Cloud Security in a Recession
Reducing Risk by Breaking Down Supply Chain Siloes
Reducing Risk by Breaking Down Supply Chain Siloes
Ransomware: What We Know and What We Don't Know
Ransomware: What We Know and What We Don't Know
Hunting the Bad Guys Behind Golden SAML Attacks
Hunting the Bad Guys Behind Golden SAML Attacks
The Cryptocurrency Bloodbath and the Future of Crypto
The Cryptocurrency Bloodbath and the Future of Crypto
The Ransomware Files, Ep. 10: Dr. Ransomware, Part 2
The Ransomware Files, Ep. 10: Dr. Ransomware, Part 2
The Growing Cost of Data Breaches, Especially in Healthcare
The Growing Cost of Data Breaches, Especially in Healthcare
Analysis: How Uber Covered Up a Breach and Avoided Charges
Analysis: How Uber Covered Up a Breach and Avoided Charges

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.