A Cyber-secure oriented company is essential for your Cybersecurity efforts

Cybersecurity is an important topic in every organisation, it's a constant concern for IT leaders and it can be a headache for IT professionals in general. The end-users can be affected as well, as usually are the ones who tend to get trapped clicking where they shouldn’t and opening suspicious emails. So, why still so difficult to have a company culture focused on Cyber-safe actions and attitudes? The answer is Leadership.

Leadership Matters

Nearly 40% of IT professionals cited their executive teams as the weakest link in their quest to secure the organization. This indicates not only a disregard by leaders of the importance of cyber awareness but also a chasm in the ability to create a cultural change within an organization. According to the NIST publication, Cyber Security is Everyone’s Job “Deep technical knowledge is not required from leaders; rather, they should model good personal security habits based on sound guidelines.”

It’s common for business leaders to see cyber management as the sole corporate protector against incidents and continue to treat cyber risk as mysterious, even scary. This kind of attitude perpetuates this theory by reserving “Incident Response” for IT leaders and Cyber Security Experts. Understanding best practices and cybersecurity basics such as industry frameworks and legislation, creating and reviewing policies and standards will get business leaders off the sidelines and on the field with their IT counterparts.

How to Revert the Situation

An important part of the Cybersecurity culture can be developed through training and constant investment in the team’s upskilling strategy. To be more precise and assertive with the Cybersecurity initiatives the National Initiative for Cybersecurity Education (NICE) is the recommended framework. NICE is focused on Cybersecurity awareness, education, training, and professional development. Its goals are to encourage and help increase Cybersecurity awareness and competence to build an agile, highly skilled Cybersecurity workforce capable of responding to a dynamic and rapidly evolving array of threats.

NICE has published the National Cybersecurity Workforce Framework (“the Framework”) to provide a common understanding and lexicon for Cybersecurity work that is to be used to describe all Cybersecurity work and workers irrespective of where or for whom the work is performed. The Framework is intended to be applied in the public, private, and academic sectors.

NICE Framework Explained

The NICE framework considers every momentum of the Cybersecurity journey and it can be easily adjusted to different corporate realities. 

Analyse

Specialty areas responsible for highly specialized review and evaluation of incoming Cybersecurity information to determine its usefulness for intelligence.

Job Areas include:

• Threat Analysis
• All Source Intelligence
• Exploitation Analysis
• Targets 

Collect and Operate

Specialty areas are responsible for specialised denial and deception operations and collection of Cybersecurity information that may be used to develop intelligence.

Job Areas include:

• Collection Operations
• Cyber Operations
• Cyber Operations Planning 

Investigate

Specialty areas are responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence.

Job Areas include:

• Digital Forensics
• Investigation 

Operate and Maintain

Specialty areas are responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.

Job Areas include:

• Data Administration
• Knowledge Management
• Customer Service and Technical Support
• Network Services
• System Administration
• Systems Security Analysis 

Oversight and Development

Specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct Cybersecurity work.

Job Areas include:

• Legal Advice and Advocacy
• Education and Training
• Information Systems Security Operations/Officer
• Strategic Planning and Policy Development
• Security Program Management/CISO 

Protect and Defend

Specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.

Job Areas include:

• Computer Network Defence (CND) Analysis
• Incident Response
• Computer Network Défense (CND) Infrastructure Support
• Vulnerability Assessment and Management 

Securely Provision

Specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.

Job Areas include:

• Information Assurance Compliance
• Software Assurance and Security Engineering
• Systems Security Architect
• Technology Research and Development
• Systems Requirements Planning
• Test and Evaluation
• Systems Development

Every company can develop a different approach to Cybersecurity, they might adjust some of the above strategies to adapt to their reality and goals. The main message here is that besides the field and the market, it's essential to engage the whole enterprise in the Cybersecurity effort. It’s a journey and not just a solution to be implemented, it needs to be part of the company culture too, led by leaders and managers.

Click below to know more about the NICE Framework

NICE Roadmap

Cybersecurity Training

In a fast-paced environment, investing in technical training is the best way to overcome the Cybersecurity challenges. At New Horizons Ireland we provide a wide range of Cybersecurity courses from different vendors and covering all paths that you might want to follow.

In the link below, you can check all our Cybersecurity paths and choose the best option for your career.

Cybersecurity Paths

Talk to one of our Account Managers to check all your options and possibilities. New Horizons Ireland courses are available in a variety of modalities to attend your needs, such as online live, instructor-led in our Dublin classroom and Mentored Learning, which is a convenient way to attend your course at your own pace and availability.