Baselining Cybersecurity

A new baseline

A typical organisation already has a number of security controls in place to safeguard its business-critical information.
However, organisations sometimes find that these controls are too strict and impede the business. Furthermore, they see the new GDPR legislation fast approaching, and they fear that controls put in place for compliance with this legislation will block the smooth running of their organisation even more.

In other situations, organisations might reconsider their current security controls after a security incident, or because they want to be better prepared against current cyber threats.

These situations can be used as a basis to create a new baseline for cybersecurity. A baseline is the agreed-upon standard of security for the organisation as a whole.

IT and Business alignment

The goal of this new baseline is to be more in line with the business’ needs while being compliant with current legislation. If the security baseline puts IT and the business in alignment, then it will work as an enabler and not an impediment.

For a way to create a strong security baseline, check out my previous blog posts about Toreon's ‘Embrace Cybersecurity’ methodology.