5 Steps to Easier, More Effective Cybersecurity Conversations
Cybersecurity is complex and it’s only getting more so each day. This is true of the methods used by cybercriminals to break in to corporate networks and of the methods used by businesses to keep them out. While there may never be such a thing as highly-simple and highly-effective cybersecurity, there is a way to make talking about it less daunting – especially if the folks across the table aren’t techies.
Cisco SAFE provides a framework businesses can use to guide their cybersecurity efforts and conversations. For IT pros, this five-step approach can help them better understand how a company’s various internal elements work together. For those on the business side, they’ll be spared from exceedingly-technical cybersecurity discussions and can instead be pointed directly at the benefits. When taken together, these improvements can lead to better organizational decisions.
Let’s dig in to Cisco SAFE more deeply to determine why this structure is already being used by leading organizations to more thoroughly secure themselves against attacks:
Step 1: Identify organizational goals. It may sound 101, but it’s important to make sure everyone in the room has the same targets in mind. Only after a cybersecurity mission statement has been drawn up and agreed upon can the organization move ahead with full confidence.
Step 2: Chop the organizational network into pieces. Say one of the goals discussed above is something like “securing the corporate network.” That’s a big, nebulous concept. Cisco SAFE understands that and so the next step is breaking it into smaller, more manageable use cases. For example, providing secure onsite wireless for guests, securing the devices road warriors count on to do their jobs, etc.
Step 3: Determine criteria for business success. Once the network has been subdivided in Step 2, the conversation must turn to which of those use cases is most critical to the success of the business. So, using our examples from above, while secure guest access likely isn’t a top priority, securing the mobile devices of frequent business travels might be.
Step 4: Categorize risks, threats, and policies. Next on the agenda is making a list of the biggest threats to the organization succeeding with a cybersecurity goal – as well as its current policies. This can shed light on soft spots or even uncover possible conflicts between a proposed solution and existing policies. Combing these points with the criteria for business success creates a well-rounded picture of the organization’s cybersecurity environment.
Step 5: Building the security solution. With that picture of its cybersecurity environment in hand, it’s time for the organization to build its ideal security solution. Cisco’s SAFE method splits this step up into three distinct phases: Capability, Architecture, and Design.
– Capability Phase – During this phase, businesses must determine what, if any, security capabilities are needed to address the list of compiled concerns. This phase may determine new solutions are needed or the business may just need to re-purpose a solution it already utilizes.
– Architecture Phase – In this phase, those cybersecurity capabilities need to be laid out in a logical workflow. Each capability should be positioned to reflect where it would be if it were securing an actual process. This makes visualizing the makeup of a security environment easier.
– Design Phase – The final phase requires actually designing the security environment itself. This calls for including specific models, interfaces, etc. Even though this map will be more technical in nature, it’s traceable all the way back through the business cases discussed during earlier steps in the SAFE approach.
Cybersecurity made easier with SAFE
The Cisco SAFE model is an excellent way to get your organization thinking differently when it comes to today’s most-critical IT topic: cybersecurity. Also, it can be vendor agnostic. The Arraya team is well-versed in the latest cybersecurity solutions and can walk you through the SAFE process to find the options that fit your unique needs.
Ready to start a conversation around cybersecurity? Reach out to us at: www.arrayasolutions.com/contact-us/. We can also be reached through our social media presence: Twitter, LinkedIn, and Facebook. Be sure to follow us to keep up with our latest company news, special events, and industry insights.
Follow along with our month-long series celebrating National Cybersecurity Awareness Month.