Why cyber security should be a board room issue?
Even if we are only at the the beginning of our new digital age, digital technology is already really pervasive and has disrupted the business models of traditional organisations at a rate never experienced before. And so in an interconnected world, organisations are more dependent than ever to digital business processes. This amplifies the business impact of cyber attacks, affecting intellectual property, financial security, competitive advantage, operational stability, regulatory compliance, and reputation. And as businesses are facing rapidly increasing exposure to cyber security risk, IT security strategy should evolve from a pure IT problem to a board room dilemma.
Through human interviews, process review and some technical tests our objective is to help our clients to prioritize and focus their security efforts on controls with the highest payoff, aiming for a "must do first" philosophy. The main set of controls we are using for our assessments are the well known ISO27002 and the Critical Security Controls which are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most common attacks. They are developed, refined, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security an independent and not-for-profit organization.
Below is a list of resources which might be useful if you are looking for more insights to develop your cyber security strategy:
-
10 steps to Cyber SecuritySeptember, 2012This publication discusses cyber security as one of the biggest challenges for business and the UK economy. It offers guidance for business on how to make the UK’s networks more resilient and protect key information assets against cyber threats. It covers risk management and corporate governance and includes case studies based on real events
-
Catch, Patch, MatchFebruary, 2014The Strategies to Mitigate Targeted Cyber Intrusions are ranked in order of overall effectiveness. Rankings are based on ASD’s analysis of reported security incidents and vulnerabilities detected by ASD (Australian Signals Directorate) in testing the security of Australian government networks.
-
Belgian Cyber Security GuideNovember, 2013The International Chamber of Commerce in Belgium (ICC Belgium) and the Federation of Enterprises in Belgium (FEB) did come together with EY and Microsoft to create a Belgian Cyber Security Guide. One of the lessons learnt is that change starts from the top. It is the executive level that should set the tone.
-
Critical Security ControlsFebruary, 2014The Critical Controls for Effective Cyber Defense are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive attacks. They were developed and are maintained by a consortium of hundreds of security experts from across the public and private sectors. An underlying theme of the Controls is support for large-scale, standards-based security automation for the management of cyber defenses.
-
ANSSI: 40 Essential measures for a healthy networksOctober, 2013The French Network and Security Agency (ANSSI) identified 40 technical steps, referred to as essential IT measures which could be referred as rules for a healthy network. This document has been designed for managers and engineers in charge with IT security - it will provide them with a detailed checklist of what they should implement, what they should verify and where they should put their effort to improve the overall security of their IT networks.
WHAT WE OFFER
Our mission is to help businesses to figure out the level of risk exposure they are facing by consolidating all data from our assessments on a very intuitive and user friendly dashboard. The objective is to make it easy for our clients to know where they are, and what they have to do first. And as a trusted partner, our role through our program is to help the CISO (Chief Information Security Officer) or every person with similar role and responsibilities to:
- Protect their assets & data in the most efficient way
- To know where to invest first and help to report it
- To develop, implement and manage a security program
We provide yearly packages which are made of different kinds of activities aligned on Plan/Do/Check/Act model. And so based on your maturity level we help you to get a broad picture of your security posture and in fine a very straight forward and suitable action plan to follow for your business.
-
Prioritize & FocusOn most efficient controls for your business.
-
Project MethodologyTo help you to keep control and track progress.
-
Independent expertiseNot technology or service affiliate.
-
COMMUNICATE YOUR VALUEBenchmark your progress and share it.
WHO I AM?
Guillaume Carballo is an expert in cyber security and after almost 10 years of experience as a consultant for international companies in a lot of European countries, he decided to create his own start-up company to help small & medium businesses to face Cyber-security challenges. Guillaume holds a master in "Cryptography & IT Security" plus several certifications in the IT field and also a master in "Strategy and International Management" from ESSEC business school.
As a security strategy advisor for C-level, his role is to help management to align IT with business strategy and therefore to assist them to figure out the impact of not taking cyber risks seriously. With SmartProtect, Guillaume combines his two passions which are entrepreneurship and IT security.
SmartProtect
8, rue Jules Diederich
L-5822 Hesperange
Luxembourg
Mobile: (+352) 661 61 61 19
Tel: (+352) 27 91 29 36
Email: guillaume.carballo@smartprotect.eu