In an era when cyber-attacks are an
everyday occurrence, IT security has become one of the biggest problems
for firms. However, a US researcher has recently argued that security
should be treated as an across-the-board company effort to confront
digital information issues.
Christopher Bronk, Fellow in Information Technology Policy at the
James A. Baker III Institute for Public Policy at Rice University,
Houston, Texas, argues that the question companies that fall
victim to cyber-attacks should ask is not “How did it happen?” but “Why
did this happen?” As he writes in his paper entitled
‘Risk-Intelligent Governance in the Age of Cyberthreats’,
understanding the way these attacks happen is important, but the first
response should be to seek the reasons leading up to the breach of
security. If a company is serious about securing its digital
communications and general resources in the most effective way possible,
it needs to develop and adopt an approach that he calls ‘cyber risk
intelligence’. For organisations to become cyber risk intelligent, they
must move beyond seeing cyber security as the province of the IT
department and understand that it concerns all areas of the company.
Rethinking the organisation from the inside
Chris Bronk has some specific advice to offer in his paper: “We
suggest three general flows of information in determining an
organizational frame for cyber risk intelligence: one that encompasses
the awareness of the IT enterprise and its apparent health; a second
that brings internal business activities into view; and a third that
encompasses broader geopolitical and economic forces.” It is by
analysing the third ‘flow’ that a company will be able to understand the
broader space in which it is positioned, subject to evolving market
conditions, political changes, competition between companies, and so on.
“Organisations need to think about how their competitors and
adversaries may gain from compromising information resources or computer
systems,” underlines the paper.
“Cyber security is a culture”
In some ways, cyber risk intelligence needs to embrace
counter-intelligence thinking and practices, suggests Bronk. Building a
more secure information ecosystem demands adoption of “good hygiene or
public health in cyberspace,” says the paper. This includes
“technological practices such as deployment of anti-virus software,
intrusion detection systems and email spam countermeasures.” This
self-analysis approach is similar to the line taken by Dave Gray, author
of several books on innovation and change, who also stresses that firms
need to improve their overall awareness and self-knowledge. However, one
non-negligible factor recognised by Chris Bronk in his paper is the
issue of scalability. “The largest corporations or government agencies
can allocate far more resources than the smaller players to the cyber
security problem,” acknowledges the Rice University fellow.