
Baiati suggests beginning with a solid understanding of your organization’s risk appetite and overall business strategy. “Security, when done right, can be a competitive advantage, since it minimizes operational disruption and optimizes trust,” he states. For example, financial institutions have a low appetite for risk and a critical need to protect the integrity of their data and their reputation. Their business strategy and security are inherently connected.
Also, because team members are more mobile than ever, endpoint security is now a focus for network security and needs to be included in the cybersecurity framework. “To build strong endpoint security, organizations should take a comprehensive, layered approach that safeguards all aspects of their digital environment — firmware, hardware, software, and the supply chain,” Baiati says. “Evaluate both on-device and cloud-based AI applications to ensure effective, real-time threat detection and response.”
6. KRIs and KPIs are trending negatively
If there’s a sense that key risk indicators (KRIs) and key performance indicators (KPIs) are headed in an unanticipated direction, your framework may need to be re-evaluated, says Sameer Ansari, head of the data privacy team at audit, risk, and compliance consultancy Protiviti.
