Does your company have a culture of "Organizational Integrity?"
Boards of Directors have the responsibility to insure the resiliency of the organization. The people, processes, systems and external events that are constantly changing the operational risk landscape become the greatest threat to an enterprise.
One key item may have revealed itself in your experience so far. How would you improve your organization, when it comes to "Incident Response"?
One truth is, that our individuals who have a "C" in their title acronym, (CEO, CSO, CIO, CTO, CISO, CMO, CRO) have been challenged in new ways. These same leaders have not trained enough, or long enough in this past decade. Complacency is now becoming apparent again.
Our leadership skills have all been exposed to the vulnerabilities of people, processes, systems and external events. We have been caught off guard on a spectrum of challenging global incidents just these past 24 months. A crisis spectrum that spans our physical world. Also to our invisible virtual digital world.
Our growing "Incident Response Spectrum" is wide and vast. It still requires specialized skills and knowledge to address the kind of change, that will now increasingly be required, in Fortune 500 Global Companies, Mid-Market INC 500 emerging businesses and especially, our Small-Medium Businesses (SMB).
How will we continuously Understand, Decide and Act from this point forward?
"The private sector organizations of the United States are vital to the protection and security of the Homeland. The private sector owns a majority of our assets and Critical Infrastructure Protection (CIP) remains a priority as a result of the latest asymmetric threats."
The U.S. National Strategy to Secure Cyberspace, emphasizes the importance of public/private partnerships in securing these critical infrastructures and improving national cyber security.
Similarly, one focus of the Department of Homeland Security is enhancing protection for critical infrastructure and networks by promoting working relationships between the government and private industry.
The federal government has acknowledged that these relations are vital because most of America’s critical infrastructure is privately held. Further, the networks of our global super-infrastructure are tightly “coupled”—so tightly interconnected, that is, that any change in one has a nearly instantaneous effect on the others.
Attacking one network is like knocking over the first domino in a series: it leads to cascades of failure through a variety of connected networks, faster than most human managers can respond.
Many companies have already started the establishment of an “Insider Threat Program” (InTP)…have you?
