This is a companion blog to “The SafeHouse” podcast dated November 14, 2024, with host Jeff Edwards, Co-Chair of the SafeHouse Initiative, and his guest Kelly Hood, EVP & Cybersecurity Engineer, Optic Cyber Solutions. Listen to the original podcast here: https://safehouseinitiative.org/using-frameworks-effectively-to-plot-your-cybersecurity-journey/
Cybersecurity is a journey, and navigating it can often feel overwhelming. With numerous frameworks available, many organizations grapple with questions like, “Am I maturing fast enough?” or “Have I done enough?” Today, we dive deep into the value of frameworks in cybersecurity with insights from industry experts.
Frameworks play a critical role in understanding the complex landscape of cybersecurity. Kelly Hood, Executive Vice President and Cybersecurity Engineer at Optic Cyber Solutions, emphasizes that frameworks help define what cybersecurity means to each organization. She explains, “Frameworks help to create that structure to say what are we talking about here and scope that conversation to allow you to go a little a level deeper.” This structured approach allows organizations to orient themselves and understand where to start in their cybersecurity efforts.
When engaging with clients, the first step is to assess their current cybersecurity posture. Hood notes, “Even if somebody comes to us and says, you know, I’ve just got this new cybersecurity role, I don’t know what we’re doing… oftentimes they’re doing something.” This could include basic measures like password protection or multi-factor authentication. The goal is to identify what is already in place and understand the organization’s specific risks and concerns. Hood states, “What do you care about? When you think about your business, are you worried about protecting your sensitive data?”
One of the challenges in cybersecurity discussions is prioritizing risks. Hood explains, “Everybody thinks everything is important… but there’s always a priority.” This leads to deeper conversations about confidentiality, integrity, and availability, helping organizations determine which assets are most critical. “Those are the things we want to focus on first,” she adds.
Effective cybersecurity requires collaboration across different teams within an organization. Hood highlights the importance of gathering a combination of perspectives during discussions. “Whenever you have these conversations in silos, you meet with the operators, you get one answer… when you meet with the CISO, you get a completely different answer.” This holistic approach ensures that all voices are heard, leading to a more comprehensive understanding of an organization’s cybersecurity needs.
Assessing maturity is crucial in determining how developed an organization’s cybersecurity practices are. Hood states, “Cybersecurity can be so nuanced.” For example, she explains that basic access control could mean anything from a simple bike lock to a sophisticated biometric system. The key is to align maturity levels with risk. “What is the risk? How risky do you want to be versus how mature do you want to be?”
Hood likens frameworks to maps that guide organizations on their cybersecurity journey. She says, “We created this free tool that you can go download that’ll let you track… what maturity you think you are.” This tool helps organizations visualize their progress and align their efforts with specific frameworks, ultimately driving better decision-making.
Organizations often face challenges when they realize they need help. Hood notes that many companies recognize this after experiencing a breach. “We get calls from people that say I had this incident… now my boss is asking what we’re doing to make sure this doesn’t happen again.” This realization often prompts companies to seek assistance in developing a more robust cybersecurity strategy.
As we conclude our exploration of using frameworks to enhance cybersecurity, Hood emphasizes the importance of having a structured approach. “Using a framework builds out that road map,” she advises. The first step for many organizations is simply to “figure out what you have.” Understanding existing assets and vulnerabilities sets the stage for effective cybersecurity planning.
In a world where cyber threats are ever-evolving, leveraging frameworks can be a game-changer. They not only provide direction but also help organizations celebrate their successes along the way. As Hood highlights, “It gives you that measuring stick… to communicate with your team and stakeholders.” By adopting a structured approach, organizations can confidently navigate their cybersecurity journeys, ensuring resilience and security in today’s digital landscape.
For more information about the SafeHouse Initiative and to learn about ways to get involved, visit their website: https://safehouseinitiative.org/.