Cybersecurity is the body of practices, processes and technologies designed and implemented to protect networks, computers, programs and data from cyberspace threats. The traditional security approach consists in concentrating all the efforts on most critical assets protection against known threats. Due to the ever evolving nature of the threat landscape, such paradigm puts companies in a reactive state, causing them to be in a continuous state of exposure. At Akson Consulting Inc., we believe that Cybersecurity requires inexorably two key characteristics: adaptive and proactive.
Strategic Cyber Security Protective Technologies Choices
Cybersecurity depends highly on technological choices made by organizations in order to protect their technological environments. At Akson Consulting Inc., we help our clients make the best strategic and tactical choices, in terms of protective technologies, in order to be adaptive and proactive towards cyberspace particularities. Our goal is to position companies in a proactive posture while facing virtual threats. Our methodology considers the strengths and weaknesses of protective solutions in comparison to a set of key characteristics that should be implemented from a cybersecurity perspective.
“As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.” Newton Lee
CYBER SECURITY FRAMEWORK CORE IMPLEMENTATION
At Akson Consulting Inc., we help organizations design a cybersecurity framework, either to complement an existing security framework or to set a new cybersecurity program. Our methodology is based on five high level functions: Identify, Protect, Detect, Respond and Recover. In fact, those functions need to be integrated into all the tiers of an organization: Tier I – Organizational level, Tier II – Mission statement/Business process, and Tier III – Information System Level.
Our methodology follows a series of steps in which we identify the organization’s mission objectives and overall requirements, then draw the current profile of the organization from a cybersecurity point of view. After that, we conduct a cybersecurity risk assessment and create a targeted profile. The next step consists in outlining and prioritizing the gaps between the current profile and the targeted one. As a final step, we submit a detailed action plan, in order to address cybersecurity identified deficiencies, leading us to reach the targeted profile.
CYBER SECURITY RISK ASSESSMENT
A cybersecurity risk assessment is similar to a traditional risk assessment, since it targets vulnerabilities and threat identification and possible impact assessment, so that we can determine security controls implementation most effective positions. The cybersecurity assessment touches also all Tiers of an organization:
- Tier-I: From an organization structure standpoint
- Tier-II: From a mission statement and business processes perspective
- Tier-III: From an information system level
In fact, the approach differs from a traditional risk assessment as it is focused on the analyzed tiers adaptive and proactive sides. In other words, our approach focuses on analyzing the gaps that exist between current implementations and how they respond to the ever changing threat landscape.