June 28, 2018

It's Time to Rethink Cybersecurity Risk Management: Part 2

by: Katie Sloane


Photo Credit: © turbomotion046 - stock.adobe.com

This article is continued from Tuesday's article It's Time to Rethink Cybersecurity Risk Management

Company-wide, effective risk management will never be a one-stop shop. Cybersecurity will remain as multifaceted as the ever-present threats that lurk in every corner of the Internet. Successfully addressing all facets of cybersecurity through a holistic program requires a methodology that accounts not only for the IT component, but also for how the program applies to the compliance, HR, governance and legal requirements of an organization.

Initial Assessment

To work towards a holistic cybersecurity program, it’s essential to begin with an initial risk assessment to obtain a baseline of the present cybersecurity state of your organization. With a baseline, you can start to understand where the current program falls short and how to go about improving it. An initial assessment should not only evaluate a company’s current risk profile and vulnerabilities, but also assess its existing cybersecurity policies against the applicable legal background and compliance regulations. After diagnosing weaknesses with quantifiable results, cybersecurity risk can be evaluated in real time.

Customized Cybersecurity Program

Following an assessment of your environment, and once your current security posture has been established, a customized cybersecurity program should be designed to cater specifically to your organization. A complete cybersecurity program includes policies, best practices, response plans, cybersecurity incident logging, vendor attestations and any necessary regulatory materials. As a best practice, firms should leave this to the experts and seek a reputable cybersecurity service provider to help them implement this program.

Managed Threat Protection

A security operations center (SOC) should be monitoring your environment 24x7x365 to defend against known and unknown threats in real time. Continuous monitoring makes it both easier and faster to detect, and protect against, potential cyber threats and attacks.

Chief Information Security Officer - CISO

It’s imperative that your company designate a Chief Information Security Officer (CISO) either internally or through a third-party provider. This officer should drive the cybersecurity program from design and development through to implementation and integration. The CISO should also spearhead and centralize employee training, integration and program governance. Additionally, this designated individual should relay cybersecurity risk management objectives and administration to executive management.

Employee Security Training

Cybersecurity initiatives will be rendered entirely ineffective if employees are not fully informed or on board with new security protocols. Training should be engaging, up-to-date and mandatory to convey the importance of abiding by cybersecurity policies and the danger of not complying.

Employees need to be educated and trained in identifying risks and threats, such as phishing emails and ransomware, as well as mitigation and remediation. Employee performance should be recorded to identify individuals who may require additional training modules and education reinforcement.

Third-Party Management

A crucial element of ensuring that your company is compliant with its cybersecurity program is looking to those outside of your company. Third parties with whom you do business, such as investors and vendors, should be managed so that they are able to follow your internal cybersecurity policies.

Centralizing the contractual duties, representations and warranties of third parties, and managing communications with them, will simplify your due diligence in determining who you can continue to do business with, and with whom you need to discontinue any data processing or management.

Technology alone cannot defend us from the scores of cyber threats that we face daily. To be truly holistic, a complete cybersecurity program must promote and reiterate a Culture of Security, in which all employees are integral to the defense of an organization. Align’s unique approach to cybersecurity allows us to detect risks and identify threats that are embedded across business functions and the cybersecurity risk management landscape.

Contact us today to speak with an Align Cybersecurity expert.


