Establishing Cyber Standards will increase security posture

By Jeffrey LushJan 19, 2018
Industry Knowledge
Print

Prefer to listen:  You can also subscribe to the BAP PodCast channel or listen to the specific podcast

Prefer to watch:  You can also subscribe to the BAP YouTube channel (build.anlyze.protect) or view the specific video

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Prefer to read: 

Establishing a security objective and the accompanying implementation of that purpose is often referred to as a security standard or security control. The security objective is not isolated only to "technical objectives," although can be extended to meet any purpose that drives a focused result.  The process used to secure access to my building is an example of the security objective that is not technical by nature. The security objective should be a constant within the environment, although the flexibility is the implementation of the security objective.

The implementation of the security objective is often specific to the security policy implemented. A cybersecurity policy designed to protect large quantities of data, as well as a "no-residual data" environment both use an encryption security standard. The implementation of encryption is considerably different when applied to data resting within the organization compared to no residual data within the environment. The objective to encrypt and secure data at rest, as well as data and flight, are critical attributes of the cybersecurity objective, although the implementation is entirely different.

Establishing consistent security objectives coupled with flexible implementation of the security objective will produce consistent and repeatable cybersecurity protection.