Irrespective of what many of us may say or write, the cyber security agenda remains dominated by products and technology.

Of course, the problem has a technical dimension and the protection of any firm against cyber threats will require the application of technical countermeasures at a number of levels.

But there are countless tech vendors and service providers out there trying to sell their products as the silver bullet which will protect you from anything. And countless small firms still hold simplistic views on cyber threats: “We’re fine; all our data is in the cloud.”

For any organisation above a certain size, effective and efficient protection can only result from the layered application of protective measures at people, process and technology level. And in that order.

It has to start with people. And that doesn’t mean rolling out a security awareness programme. Middle management has always had the tendency to jump straight into the solution space on the back of a simplistic analysis of the problem, but at the heart of the “people” aspects of any security strategy lie issues of corporate culture and corporate governance.

“Good security governance” is not a piece of useless consultant jargon. It is an essential protective layer for any organisation.

“Good Security Governance” is not a Piece of Useless Consultant Jargon