What is the most overlooked step in a cybersecurity plan?

Security & GRC Security Strategy & Roadmap

3.3k views1 Upvote8 Comments

Sort by:

Senior Information Security Manager in Software4 years ago

Testing, and that the plan must be regularly updated.
Regularly could mean quarterly or more often.

Director of Technology in Government4 years ago

Overlooking physical security in your CyberSecurity plan could leave a major gap in your CyberSecurity posture.

CIO / Managing Partner in Manufacturing4 years ago

Getting senior executives fully on board and understanding it.

Fractional CIO in Services (non-Government)4 years ago

Communicating it in a way that makes sense to your people.

VP, Director of Cyber Incident Response in Finance (non-banking)4 years ago

This is an excellent question. I think it's the maintenance of the plan itself. Because even if you document the plan, and the processes to address the response, each security incident is unique enough that it will require you to update the processes involved. So the moment you publish your plan, it's already out of date!

1 Reply

no title4 years ago

Absolutely. I would say actually following it, and keeping it up to date and current, are the biggest challenges. Too many organizations create a plan, the stick it on a shelf until the next annual audit rolls around. It does you no good if you don't actually follow through from the plan.

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models. Scope includes Environment Setup: Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation. Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

What’s the top cybersecurity challenge concerning your organization right now?

AI-driven threats (deepfakes, automated attacks) 21%

Software supply chain risks 21%

Insider risk (both malicious & accidental) 13%

Regulatory compliance 11%

Cloud misconfigurations 13%

Shadow IT (or shadow AI) 11%

Ransomware 4%

Talent shortage in cybersecurity4%

Something else (comment to explain)2%

View Results

What is the most interesting/helpful/unique tool you're using right now that no one is talking about?

What technological innovation will impact the world most?

Artificial Intelligence / Machine Learning41%

Automation18%

Cloud17%

Edge / IoT6%

Augmented / Virtual Reality6%

Blockchain4%

5G3%

Other (comment)

View Results

What is the most overlooked step in a cybersecurity plan?

Sort by:

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What’s the top cybersecurity challenge concerning your organization right now?

What is the most interesting/helpful/unique tool you're using right now that no one is talking about?

What technological innovation will impact the world most?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go