TRENDING:

9 Ways to Approach IT Security

Advice for Government Leaders Eric Chabrow (GovInfoSecurity) • May 12, 2009    
9 Ways to Approach IT Security
Creating a positive cyber culture that includes cooperation among countries, building partnerships with business and educating employees and users are key elements in building effective government information security programs, a new report concludes.

"The wrong approach could foster isolation, the prospect of cyber-protectionism and an inadequate balance between security and civil liberties," Greg Pellegrino, Deloitte Touch Tohmatsu global public sector industry leader, said in a statement unveiling the accounting and consulting firm's report, Cybersecurity: Everybody's Imperative: Protecting Our Economies, Governments and Citizens.

In the report, Deloitte advisors recommend nine approaches governments should take toward information security:

  1. Be vigilant about the threats that make cybersecurity necessary - but don't lose sight of the positives that good cybersecurity can enable.

  2. Identify and catalog critical infrastructures that are vulnerable to cyber compromises.

  3. Approach cybersecurity as the ongoing management of a continuous risk, not as a safeguard against specific future attacks.

  4. Don't think of cybersecurity as merely protecting digital assets. The digital domain influences almost every other part of life - so cybersecurity is ultimately about protecting everything of value.

  5. Remember that cybersecurity cannot be achieved through technology alone. It requires a cultural understanding and a widespread willingness to exhibit secure behaviors.

  6. Recognize the central role of the private sector in both creating and using cyber assets. Treat cybersecurity as a public-private partnership, not a top-down mandate.

  7. Plan for resiliency - the ability to react and recover when cybersecurity is compromised despite protective efforts.

  8. Treat cybersecurity the way you treat customs, food imports and immigration - make access to your market contingent upon adherence to safety standards you determine.

  9. Identify key assets and likely threats, then focus security resources accordingly. If you call everything critical, nothing actually is.
"Governments should treat cybersecurity - and the changes in habits and lifestyle that go with it - as whens, not ifs,'" Pellegrino said. "There's no question that we need to live with this. There's no way back."
Previous
WHO: Up to 2 Billion May Get H1N1 Virus
Next
Feds Budget $75.83 Billion for IT

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Coming Invasion? Russian Cyber Activity in Ukraine Escalates
Coming Invasion? Russian Cyber Activity in Ukraine Escalates
Why SBOMs in the Healthcare IT Supply Chain Are Critical
Why SBOMs in the Healthcare IT Supply Chain Are Critical
Establishing a Risk-Based Approach for Enhanced Cyber Capabilities
Establishing a Risk-Based Approach for Enhanced Cyber Capabilities
Ukraine Cyber Attacks: A Case of Hacktivism?
Ukraine Cyber Attacks: A Case of Hacktivism?
How Medical Device 'Ingredient Labels' Could Bolster Security
How Medical Device 'Ingredient Labels' Could Bolster Security
How Evolving Privacy Regulations Affect Consumer Health Apps
How Evolving Privacy Regulations Affect Consumer Health Apps
DevSecOps in Healthcare: Critical Considerations
DevSecOps in Healthcare: Critical Considerations
2021 End-of-Year Special: Examining Biden's Executive Order
2021 End-of-Year Special: Examining Biden's Executive Order
Ransomware Gatecrashes the Apache Log4j Attack Party
Ransomware Gatecrashes the Apache Log4j Attack Party
Preventing 'Rogue Device' Attacks: A Case Study
Preventing 'Rogue Device' Attacks: A Case Study

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.