Do you feel many organizations do not have the proper policies in place to protect their brand?
Many organizations (SMBs and local governments especially, but we have seen it at some enterprise clients too) tend to struggle to have all the necessary ones.
Most have never conducted any exercise to test them and identify gaps.
Which policies do we mean? Some of the pertinent ones are here in a non-exhaustive list:
- Acceptable Use Policy
- Security Awareness and Training Policy
- Change Management Policy
- Crisis Management Policy
- Incident Response Policy
- Network Security Policy
- Remote Access Policy
- Vendor Management Policy
- And many more…
But even more important is a metric on the effectiveness of any policies you have in place. Even if ALL the policies are in place, the next questions become:
- Do they work?
- How will we know if they are effective?
- To what degree?
- What ones are missing?
- How is communication to be handled?
- Can we handle a crisis effectively? How do we know?
We sat down with Lester Chng, CISSP, a former Naval Officer who learned a great deal about WAR GAMES in the military and sees the benefit for large enterprise and SMB clients of practicing the execution of their policies before reality sets in. He shared his practices for addressing this.
He has significant recommendations for addressing the four (4) main areas of security:
2. Physical Security
4. Crisis Management
In our discussion, Lester shared his remarkable journey into leadership and cybersecurity. He explained how a key to building operational resiliency in these buckets is found in:
- tactical exercises,
- tabletop exercises, and
- going through real-life scenarios to test the policies (annually)
- Goal: identify the holes in the policies and the holes in the execution of those policies
Lester Chng has a very cool story he shared with us. It’s a story of immigration (from Singapore to Canada), of military career transition into civilian life, and of breaking into the cybersecurity field, all built on a foundation of grit. He is passionate about crisis management exercises and practice, since they always identify holes and gaps in policies.
➡ Operational Resiliency.
➡ It's about practice.
Think Military War Games for the private sector SMBs and enterprise organizations.
We learned about the 🔥 key exercises 🔥 that should be done each year and how critical it is.
📐 Real-life practice. 📐 Addressing accountability, notifications, tasks in CRISIS MANAGEMENT. Who handles what? Who notifies whom? And much, much more...
Lester Chng has a remarkable story:
🔔 immigrating to Canada from Singapore
🔔 military career transition to cybersecurity
🔔 key operational resiliency best practices
Running through exercises of policies often surfaces confusion, and answers, around previously unknown issues like:
- who needs to be consulted and when,
- where accountability lies at each stage,
- who owns which tasks.

Exercises bring all this to light in a safe practice format, so the gaps can be filled before a crisis occurs in reality.
The benefits of crisis management, cyber breach and physical breach exercises are seen in many examples shared by Lester in our discussion.
For further discussion details, check out the episode of Cyber Crime Junkies Podcast with Lester Chng here:
VIDEO: New Insight on Operational Resiliency and Crises Management
I'm David Mauro, fortunate to be in a leadership role with a top-rated MSSP All Covered, IT Services from Konica Minolta Business Solutions, U.S.
📸 creator/host of 🛡Cyber Crime Junkies Podcast🎤🎧🛡, where I interview great leaders and spread cybersecurity best practices so brands can be better protected.
🎥 @CrimeJunkiesPodcast on YouTube