Cybersecurity is a journey, not a destination; where cybersecurity controls have been traditionally defined as safeguards to protect, avoid, detect and respond to cybersecurity risks. However, the modern-day needs require cybersecurity controls to be more-continually evolving and adapting to a by-the-minute changing threat environment.
Organisations need to have a cybersecurity controls roadmap to integrate the right, effective and efficient cyber controls applied at the people, process, and technology layers of an enterprise to have the best chance of achieving an optimized security posture.
Here’s our view on the 2018-19 prioritized set of cybersecurity controls staggered in 3 stages:
01 Build foundation cybersecurity controls (12 months)
02 Improve by adding layered defense at people, process, and technology (18-24 months)
03 Optimize to drive efficiency (24-36 months)