Cyber and Information
There are many constraints to security in organisations.
- Not all controls are technical
- Budgets aren’t growing at the same rate as threats
- Not everything can be protected to the same level
- You can’t avoid all risk to the organisation without stopping what it is doing
- Your organisation needs to develop ways to prevent, detect and respond to the threats that it faces
- Developing relationships with stakeholders is an important step
Identity and privacy
Security is a CEO and leadership responsibility.
Security risk management and governance must be embedded in organisational management processes.
Transparency of an organisation’s security risk and remediation is essential to ongoing improvement.
Security threat and incident information needs to be proactively shared with trusted partners to help strengthen supply chain defences.