{"id":9412,"date":"2020-08-24T10:31:54","date_gmt":"2020-08-24T10:31:54","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/?p=9412"},"modified":"2023-11-17T07:06:55","modified_gmt":"2023-11-17T07:06:55","slug":"good-security-governance-is-not-a-piece-of-useless-consultant-jargon","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/bigdata-cloud\/good-security-governance-is-not-a-piece-of-useless-consultant-jargon\/","title":{"rendered":"\u201cGood Security Governance\u201d is not a Piece of Useless Consultant Jargon"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"9412\" class=\"elementor elementor-9412\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-342d2d56 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"342d2d56\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3456129\" data-id=\"3456129\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-89f69e5 elementor-widget elementor-widget-heading\" data-id=\"89f69e5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">\n<h2 class=\"wp-block-heading\">It is an essential protective layer for any organisation.<\/h2>\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1e691e4 elementor-widget elementor-widget-text-editor\" data-id=\"1e691e4\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Irrespective of what many of us may say or write, the cyber security agenda remains dominated by products and technology.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>Of course, the problem has a technical dimension and the protection of any firm against cyber threats will require the application of technical countermeasures at a number of levels.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>But there are countless tech vendors and service providers out there trying to sell their products as the\u00a0<a href=\"https:\/\/corixpartners.com\/cyber-security-misleading-message-technology-industry\/\" target=\"_blank\" rel=\"noreferrer noopener\">silver bullet<\/a>\u00a0which will protect you from anything. And countless small firms still holding simplistic views on cyber threats: \u201cWe\u2019re fine; all our data is in the cloud\u201d<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-28be5b7 elementor-widget elementor-widget-text-editor\" data-id=\"28be5b7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<!-- wp:paragraph -->\n<p>For any organisation above a certain size, effective and efficient protection can only result from the layered application of protective measures at people, process and technology level. And in that order.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>It has to start with people. And that doesn\u2019t mean rolling out a security\u00a0<a href=\"https:\/\/corixpartners.com\/hard-truth-cyber-security-awareness\/\" target=\"_blank\" rel=\"noreferrer noopener\">awareness<\/a>\u00a0programme. 
Middle management has always had the tendency to jump straight into the solution space on the back of a simplistic analysis of the problem, but at the heart of the \u201cpeople\u201d aspects of any security strategy lie issues of corporate culture and corporate governance.<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dd8c91d elementor-widget elementor-widget-text-editor\" data-id=\"dd8c91d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<!-- wp:paragraph -->\n<p>\u201cGood security governance\u201d is not a piece of useless consultant jargon. It is an essential protective layer for any organisation.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>It ensures a visible endorsement of security values from the top down, brings clarity around security roles, responsibilities and accountabilities across the whole organisation, and more importantly, it is the cornerstone that \u201cgets things done\u201d around security through an effective and efficient layer of reporting.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>Only the actual execution of security measures (i.e. the actual deployment of security processes and the technology required to support them) will protect the business. 
And that\u2019s where many organisations \u2013 larger and smaller \u2013 have failed over the past decades in spite of colossal investments in cyber security: Security projects get deprioritised halfway through or focus only on non-existent low-hanging fruit; over time, people get demotivated and leave, nothing gets finished and half-baked \u201csolutions\u201d\u00a0<a href=\"https:\/\/corixpartners.com\/security-products-vendors-proliferation\/\" target=\"_blank\" rel=\"noreferrer noopener\">proliferate<\/a>: According to a recent\u00a0<a href=\"https:\/\/www.securitymagazine.com\/articles\/91776-cisco-2020-ciso-benchmark-report-average-company-uses-20-security-technologies\" target=\"_blank\" rel=\"noreferrer noopener\">survey<\/a>\u00a0by Cisco, the average organisation now uses 20 different security technologies.<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6adfca elementor-widget elementor-widget-text-editor\" data-id=\"a6adfca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<!-- wp:paragraph -->\n<p>Let\u2019s get this straight: This is plain governance failure and it has been plaguing organisations \u2013 large and small \u2013 around security for the best part of the last two decades.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>To avoid those mistakes, break that\u00a0<a href=\"https:\/\/corixpartners.com\/cyber-security-when-not-if\/\" target=\"_blank\" rel=\"noreferrer noopener\">spiral<\/a>, and target the management and governance roadblocks which have prevented progress in the past, most organisations need to act at three levels:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>First,\u00a0<strong>get a good understanding of your security maturity posture<\/strong>\u00a0to start with and set realistic timeframes around 
change. Change takes \u201cthe time it takes\u201d and there may be no quick wins.<\/p>\n<!-- \/wp:paragraph -->\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-50e9de5 elementor-widget elementor-widget-text-editor\" data-id=\"50e9de5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Then,\u00a0<strong>be objective about the skills and resources you have to deliver change<\/strong>\u00a0and set realistic improvement goals. Jumping straight at ineffective \u201c<a href=\"https:\/\/corixpartners.com\/role-virtual-ciso\/\" target=\"_blank\" rel=\"noreferrer noopener\">virtual CISO<\/a>\u201d solutions in the hope of making the problem disappear will not help if nobody is there to execute.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>Finally,\u00a0<strong>stay focused<\/strong>. Security transformation often involves a change in mindset which needs stability to develop and takes time to set in. Changing directions or priorities every time something happens in the business or elsewhere will simply kill any transformational momentum around security.<\/p>\n<!-- \/wp:paragraph -->\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>\u201cGood security governance\u201d \ud83d\udd12 is not a piece of useless consultant jargon. It is an essential protective layer for any organisation. It ensures a visible endorsement of security values from the top down, brings clarity around security roles, responsibilities and accountabilities across the whole organisation. 
<\/p>\n","protected":false},"author":529,"featured_media":9413,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[187],"tags":[570,350,430],"ppma_author":[3178],"class_list":["post-9412","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bigdata-cloud","tag-governance","tag-security","tag-strategies"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0<a href=\"https:\/\/www.stratasecurity.co.uk\/\">Strata Security Solutions<\/a>, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the\u00a0<a href=\"https:\/\/www.telecom-paristech.org\/\">Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201c<a href=\"http:\/\/www.blurb.co.uk\/b\/9015902-cyber-security-the-lost-decade-2018-edition\" target=\"_blank\" rel=\"noopener\">Cyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d, He contributes regularly to\u00a0<a href=\"http:\/\/www.thedigitaltransformationpeople.com\/authors\/jc-gaillard\">The Digital Transformation People<\/a>,\u00a0<a href=\"http:\/\/www.business2community.com\/author\/jc-gaillard\">Business 2 Community<\/a>, and\u00a0<a href=\"https:\/\/www.iotforall.com\/\">IoTforAll<\/a>\u00a0platforms, as well as the\u00a0<a href=\"https:\/\/www.thebtn.tv\/\">Business Transformation Network<\/a>. 
He is an expert contributor on the\u00a0<a href=\"https:\/\/ciowatercooler.co.uk\/members\/jean-christophe-gaillard\/activity\/\">CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0<a href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/bridging-gap-security-it-operations\/\">InfoSecurity<\/a>\u00a0Magazine, \u00a0<a href=\"http:\/\/www.computing.co.uk\/ctg\/opinion\/2396800\/how-to-achieve-effective-cyber-security-in-a-hyperconnected-world\">Computing<\/a>, the C-Suite.co.uk,\u00a0<a href=\"http:\/\/www.informationsecuritybuzz.com\/?s=gaillard\">Info Sec Buzz<\/a>\u00a0and the\u00a0<a href=\"http:\/\/www.director.co.uk\/blog-cyber-insurance-what-do-you-think-youre-buying-20323\/\">IoD Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=9412"}],"version-history":[{"count":4,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9412\/revisions"}],"predecessor-version":[{"id":34126,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/9412\/revisions\/34126"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/9413"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=9412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=9412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=9412"},{"taxonomy":"author","embeddable":true,"href":"h
ttps:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=9412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}