Risk-based approach to security management

Hasanian Alkassab, Senior Regional Security Manager, GBM.
Hasanian Alkassab, Senior Regional Security Manager, GBM.
by
3 years ago

Many CIOs struggle with the preservation of confidentiality, integrity, and availability of data utilised in business processes, applications, and technology. To realise these security objectives, a holistic and integrated approach is required from the start: Security by Design.

Any organisation going through a digital transformation journey should start adopting an architectural approach to cybersecurity. The key values of security architectures are as follows: Providing an efficient and effective secured environment, meeting regulatory compliance needs, implementing effective security governance procedures, and giving an awareness level to all employees about possible threats and how they can help the organisation address them.

Any organisation going through a digital transformation journey should start adopting an architectural approach to cybersecurity.

Sharing security data and insights and developing an ecosystem across cybersecurity silos may be a transformational concept for the industry, one that needs people, process, and technology adaptations. An organisation must adopt a risk-based approach to security management as it embraces secure digital transformation, that includes both technical and business contexts.

The future of work is going to be very different from the present; workplaces and work culture are being transformed. Enabling employees to work from anywhere is becoming a critical capability for any organisation. As a result, the digital surface area is expanding at an unprecedented scale and protecting it from external and internal risks is becoming a key challenge and priority for organisations.

An organisation must adopt a risk-based approach to security management as it embraces secure digital transformation.

The ninth edition of GBM Annual Security Report looked at how risk priorities have changed this year for organisations in the Gulf, and what security strategies they are employing as they accelerate towards a digital enterprise. Some of the key security risks that were identified in the study were growing identity risks in assuring identity integrity, risk of cloud security breaches, and data and privacy risks across application development, deployment, and use.

When it comes to cybersecurity, unfortunately, a one size fits all approach does not exist. When GBM built its cybersecurity framework, it made sure to focus on two essential fundamentals: Holistic view and visibility, and an integrated approach for security solutions. In addition to existing security risks, internal delays to incident response, service unavailability, and regulatory complexity and non-compliance have become even more important than before.

To address rising security risks, GBM is helping organisations with key focus areas such as data security, cloud security, identity, and access management, application lifecycle security, automation of threat management and security response, and modernising network security.

GBM recommends organisation to adopt a holistic, integrated and zero trust-based approach to cybersecurity.

Cybersecurity solutions’ complexity, created by disparate technologies and a lack of in-house expertise, can amplify the cost of a data breach. But organisations with a comprehensive cybersecurity strategy, governed by best practices and automated using advanced analytics, artificial intelligence, and machine learning, can fight the current day cyberthreats more effectively and reduce the lifecycle and impact of breaches when they occur.

GBM is helping organisations across the region to develop a strong cybersecurity strategy having layers of detection, protection, and response capabilities to counter against modern day cyber-attacks that attempt to access, change, or destroy data; extort money from users or aim to disrupt normal business operations.

Rather than adopting a solution-based approach, GBM recommends organisation to adopt a holistic, integrated and zero trust-based approach to cybersecurity which considers all the key elements such as people, process, and technology.

Cloud Security Posture Management, Cloud Workload Protection Platforms, Secure Access Service Edge, and Digital Risk Protection Services will witness a major evolution in the upcoming years and would have a significant impact on an organisation’s future.

These technologies tackle different applications for security, including identification, safeguarding and protection, across clouds, workloads, applications, and digital channels. Extended Detection and Response, XDR, is also essential, as security and risk management leaders are struggling with too many security tools from different vendors with little integration of data or incident response.

The primary value propositions of XDR products or capabilities include improving security operations productivity by enhancing detection and response capabilities by unifying visibility and control across endpoints, networks, and clouds.

[quote font=”tahoma” font_size=”13″ color=”#262626″ bgcolor=”#f9f9f9″ ]

Recommendation for CISOs

• The two fastest-growing skills should be Application Security and Cloud Security, where both involve proactively building a secure environment rather than responding to a threat.
• Applications and Cloud Security skills represent crucial infrastructure for the modern economy.
• The following skills set will be in demand for the next 3 to 5 years: risk management, incident response and threat intelligence, data privacy and security, compliance and controls, and Identity and Access Management.

[/quote]


With rising cyberthreats, it is a must for IT professionals and organisations to make fundamental changes in the way they approach cybersecurity.

Don't Miss

(L-R) Mike Weston, CEO at GBM and Mohammed Khalifa, CEO - Digital Industries for Middle East at Siemens

Siemens, GBM partner to develop transformative solutions in automation, IT infrastructure, cybersecurity

Gulf Business Machines and Siemens, announced a collaborative effort to support more
Amr Refaat, Chief Executive Officer, GBM

GBM acquires Coordinates Middle East to enhance its detection, response, remediation

Gulf Business Machines announced the acquisition of Coordinates Middle East majority shares,