Follow tried, tested cyber security frameworks

Read time 2min 00sec
Brett Skinner, security sales manager South Africa at Micro Focus.
Brett Skinner, security sales manager South Africa at Micro Focus.

Investments in security technologies are generally only ever made once an event has happened. Far too often, they have not been budgeted for, and are viewed as a grudge purchase, instead of one that could generate revenue.

ITWeb Security Summit 2019

On 28 and 29 May, ITWeb Security Summit 2019 brings together leading international and local experts, analysts and end-users to unpack the latest threats facing African CISOs, CIOs, security specialists and risk officers. To find out more, click here.

This is according to Brett Skinner, security sales manager South Africa at Micro Focus, who will present on “Effective breach defence through cyber security frameworks”, at ITWeb Security Summit 2019, on from 27 to 31 May, at the Sandton Convention Centre.

He says in this reactive approach, when an organisation falls victim to a threat, the business owners determine the level of the threat, assess the amount of damage, and install measures to prevent a similar event from happening again. “This way of reacting to something we either don’t understand, or don’t want to understand, is human nature.”

Another problem with this approach to security, says Skinner, is that it keeps building higher walls, which is not the best way to manage risk. “We need to change the way we address security issues today. By following tried and tested frameworks, those responsible for security should be able to sleep better at night.”

Skinner says security frameworks follow a structured approach to mitigating risk for organisations today. He offers an analogy: “These days, we store our hard-earned cash in banks. This conjures up the vision of piles of cash being stored in large vaults, or strong-rooms within these trusted organisations. We know that in today’s age, this is not the case, but we still like to visualise it.

“In the same way, the benefit of following a framework for me is as simple. Instead of building higher perimeter walls, visualise building multiple vaults or strong-rooms that address technology investments that cover framework principles.”

A solid cyber security framework helps businesses to validate the controls and processes already in place, and identify which areas require more investing to improve technology, people or processes, he says.

Delegates attending Skinner’s talk will learn why it is imperative to have a cyber security framework in place and how to implement it in a structured manner.

See also