Cybersecurity has never been as imperative as it is today. Cyber attacks are increasing in both frequency and sophistication and are more targeted than ever. Meanwhile, no organization globally is immune to attack
Organizations will be judged not only on their ability to prevent attacks, but also to detect and respond to them. It is more critical than ever to have a well-established information security program that guides investment of finite resources and helps ensure risk is mitigated to an acceptable level. The role of security is to help the business to make informed decisions around risk. Security is not an IT problem but a business enterprise risk. Through effectively managing risk, security enables the business to achieve its goals.
To assist organizations in understanding where to invest these finite resources, the Province of British Columbia has defined a list of critical security controls in Defensible Security for Public Sector Organizations. The Province is committed to “raising the water level” of security in BC and across Canada.
What is Defensible Security?
- Doing the basics stops 80% of the problems.
- No organization globally is immune to attack.
- Organizations must be able to prevent the majority of attacks, detect the majority, and respond to the majority.
- Many organizations by now are aware they need to do something around security given the sharp increase in attacks and sophistication.
- Defensible Security helps organizations know what they need to be doing at a minimum to achieve security posture that is defensible.
- It also helps them understand how to do it in a very iterative, pragmatic way.
Defensible Security Tools and Resources
- The Defensible Security Manual for Public Sector Organizations provides a high-level overview on the control areas.
- The Dashboard Template can be uesd to see how an organization is rated in relation to meeting the control objectives in the form for a heat map.
- The Assessment Tool provides a quick and easy way for organizations to assess their security posture and view changes over time. It can also be used for executive reporting.