Understanding Cybersecurity

Written by: Parimel Selvaraju

Cybersecurity is hard to understand, let alone implement.

We informally posed the question “What is cybersecurity?” to a group of security engineers. Sample responses were “security compliance,” “the practice of computer and network assets,” and “a job where you never can do enough.”

This is from people who make a living out of the practice of cybersecurity. Imagine the response from anyone not working in cybersecurity practice!

To understand cybersecurity, first, we need to understand cyberspace. Cyberspace consists of extensive, interconnected network infrastructure, devices connecting to the network, processors that power them, embedded software in the processors, software running on the network infrastructure and connected devices, and finally, the data that traverses the entire system.

That is one big, paragraph-sized sentence there! It may feel overwhelming, but it can be unpacked in steps.

Cyberspace Explained

The device from which you are reading this is the visible face of cyberspace. It could be a traditional PC (or Mac), a smartphone, a tablet, or another form of consumer device. It runs an operating system and a browser to connect to the Internet. The connection point for the device is your home router or office firewall/router (including a Wi-Fi connection). You may or may not have seen the office firewall, but it exists. The router connects to your Internet Service Provider (ISP).

Let’s pause here and take inventory with an example:

  • PC – Your favorite brand with Intel microprocessor
  • Operating system – Windows 10
  • Browser – Google Chrome or Microsoft Edge
  • Office firewall – The firewall your network admin recommended for your business needs

As you can see, before traffic even leaves your building (the perimeter), there are at least four different vendors involved. This means there are at least four different opportunities for security flaws, including flaws the vendors do not necessarily know about in their own products. Each one is an opportunity for cybercriminals to intrude and steal professional and personal information.

If we travel beyond the perimeter, to the Internet Service Provider (ISP), to the data centers around the world, and to the cloud, cyberspace continues to expand and get more complex.

Cyberspace is hard to visualize, making it hard to understand. The world is interconnected within cyberspace, and it has no defined, enforceable borders. What happens in one part of the world can reach the entire world rapidly.

Cybersecurity – Protecting Cyberspace

An organization cannot possibly defend itself all on its own. Defense involves an ecosystem of vendors, service providers, consulting firms, and more, all constantly at work. The practice of securing cyberspace is cybersecurity. It is the process of protecting information by preventing, detecting, and responding to attacks.

Any organization with an Internet-connected system is at risk for a cyber breach. It needs a Risk Management Strategy at the topmost level in the organization.

If an organization does not have a cybersecurity strategy, its business is at risk of disruption, data loss, or monetary loss. The threat level and risk vary for organizations in different sectors but cannot be ignored. While it is concerning and even scary to read about large-scale cybersecurity events and wonder if it could happen to your organization, the most important action needed is to plan and prepare for it.

Planning starts with assessing the organization’s current cybersecurity maturity level. The cybersecurity vendor marketplace is as big and varied as the technology used in cyberspace. The best approach to a solicitation is to choose a vendor-neutral consulting organization that objectively assesses your organization’s cybersecurity risk.

A Framework for Cybersecurity

Cybersecurity strategy and governance is a multi-step process, and there is no one-size-fits-all solution. The National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce published the Cybersecurity Framework, a simplified framework for cybersecurity for organizations of all sizes, using the following five steps:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

The framework consists of standards, guidelines, and best practices. Organizations around the world have adopted it.

As with any framework, it is not the complete solution for cybersecurity needs. Implementation of this framework or any other framework your organization chooses needs to be project-managed with a focus on risk management.

Vendor-Neutral Consultants

Cybersecurity is a huge market, but it doesn’t have to be scary. There are best practices for planning and prevention that can help. For many organizations, the first step is a vendor-neutral consulting organization that will provide an objective assessment of your organization’s risk.

Momentum consultants are experts in cybersecurity practice combined with Project Management expertise. Contact us for an engaged conversation to begin, enhance, or strengthen your organization’s cybersecurity resilience.

Written by Parimel Selvaraju

Parimel Selvaraju has extensive experience in project management, leading large-scale enterprise Information Technology (IT) transformation projects, specializing in continuous improvement, and increasing efficiency. He is known to work with stakeholders at all levels, from executives to front-line workers, to understand their needs and effectively integrate them into the larger picture to solve their business needs with IT solutions. His current focus is on cybersecurity challenges for a client.

 
