A Business-Centric Approach to Cybersecurity Strategy
ISACA's Chirag Joshi Shares Advice on Building a Cybersecurity Strategy
The business world is going through a phase of hyper transformation and hyper digitalization. So, the building blocks of a cybersecurity strategy are quite different from what they were a few years ago. CISOs now need to prioritize threats in the context of their businesses.
"The CISO needs to understand the business he is trying to secure. Understanding your business, products and services helps contextualize the cyberthreats that are unique to you," said Chirag Joshi, director of ISACA Sydney.
The threat landscape varies depending on the nature of the business. Some organizations prioritize operational technology threats. Those with an internet-facing presence worry about denial-of-service attacks, and those that have intellectual property prioritize threats from nation-state actors and competitors.
The other factor to consider is the technology footprint or technology landscape.
"If your organization was born in the cloud, the inherent protections that you have and the type of security stack or security culture is quite different than if you have a legacy footprint," Joshi said.
Regulatory changes and the regulatory environment are also important inputs for strategy, "because the compliance drivers play a key role in the strategic outcomes that you desire," he said.
In this video interview with Information Security Media Group at ISMG's Dynamic CISO Excellence Awards and Conference, Joshi discusses:
- The expanding threat landscape due to the decentralization of IT;
- Building an effective cybersecurity strategy and architecture;
- Fostering a good cyber culture.
In his role at ISACA Sydney, Joshi has conducted several cybersecurity education sessions for executives and nontechnical audiences. He has extensive experience leading cybersecurity, risk management and compliance programs in multiple countries across various industries. Joshi was featured in the prestigious CSO30 2022 list of the top 30 cyber security executives in Australia. He also was recognized as a finalist for the Australian Cyber Security Professional of the Year Award in 2022 and 2020. He is the author of two books on cybersecurity.