Governance & Risk Management , IT Risk Management , Video

A Business-Centric Approach to Cybersecurity Strategy

ISACA's Chirag Joshi Shares Advice on Building a Cybersecurity Strategy
Chirag Joshi, director, ISACA Sydney

The business world is going through a phase of hyper transformation and hyper digitalization. So, the building blocks of a cybersecurity strategy are quite different from what they were a few years ago. CISOs now need to prioritize threats in the context of their businesses.

See Also: Webinar | Securing Cloud Architectures: Implementing Zero Standing Privileges

"The CISO needs to understand the business he is trying to secure. Understanding your business, products and services helps contextualize the cyberthreats that are unique to you," said Chirag Joshi, director of ISACA Sydney.

The threat landscape varies depending on the nature of the business. Some organizations prioritize operational technology threats. Those with an internet-facing presence worry about denial-of-service attacks, and those who have intellectual property prioritize threats from nation-state actors and competitors.

The other factor to consider is the technology footprint or technology landscape.

"If your organization was born in the cloud, the inherent protections that you have and the type of security stack or security culture is quite different than if you have a legacy footprint," Joshi said.

Regulatory changes and the regulatory environment are also important inputs for strategy, "because the compliance drivers play a key role in the strategic outcomes that you desire," he said.

In this video interview with Information Security Media Group at ISMG's Dynamic CISO Excellence Awards and Conference, Joshi discusses:

  • The expanding threat landscape due to the decentralization of IT;
  • Building an effective cybersecurity strategy and architecture;
  • Fostering a good cyber culture.

In his role at ISACA Sydney, Joshi has conducted several cybersecurity education sessions for executives and nontechnical audiences. He has extensive experience leading cybersecurity, risk management and compliance programs in multiple countries across various industries. Joshi was featured in the prestigious CSO30 2022 list of the top 30 cyber security executives in Australia. He also was recognized as a finalist for the Australian Cyber Security Professional of the Year Award in 2022 and 2020. He is the author of two books on cybersecurity.


About the Author

Brian Pereira

Brian Pereira

Sr Executive Editor - CIO.inc, ISMG

Pereira has nearly three decades of journalism experience. He is the former editor of CHIP, InformationWeek and CISO MAG. He has also written for The Times of India and The Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.