Cybersecurity and digital transformation – managing compliance vs. managing risk


Simon Roller

Senior Account Executive

Published

  • April 27, 2021


Today I'm going to talk about cybersecurity and digital transformation, and in particular about managing compliance versus managing risk in cybersecurity.

I experienced my first IT audit back in 1987 when I was working as the Systems Manager for American Express in the UK. Back in the day, IT audits were a cat-and-mouse game between the auditors and those being audited. Could we get things ship-shape in time, stay one step ahead of the auditors and give them enough so they had their pound of flesh, all while trying to do our day jobs and keep the business running? We always passed the audit, albeit with a few areas of partial conformance, but hey, we were compliant!

In 2013, the Target Corporation’s network was breached, resulting in 40 million credit and debit card numbers and 70 million records of personal information being stolen. This was the second-largest credit and debit card breach and cost credit card unions over 200 million dollars just to reissue cards. Guess what – Target was compliant too.

In today’s world of fast-paced digital transformation, simply being compliant doesn’t cut it. In fact, compliance can create a false sense of security. ISO/IEC 27001, the international management standard for information security, has recently been updated to enhance its focus on risk management. When we look at managing risks from a cyber perspective, we need to think about both managing the likelihood of bad things happening and managing the impact when they do – and it’s “when”, not “if”.

In February 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”. Following this, in 2014 the NIST Cybersecurity Framework (CSF) was released, and in 2018 it was updated to version 1.1. The intent was to make an easy-to-understand cybersecurity framework that focuses on managing cybersecurity risk while leveraging existing best practices for management and technical controls. The framework has 5 functions, 23 categories, and 108 subcategories. It uses mappings to informative references to point the reader to areas of best practice (like ISO/IEC 27001, COBIT, CIS CSC 20, NIST 800-53) and provides guidance on implementation models (called Tiers) and cyber risk gap analysis.

Figure: The five functions of the NIST Cybersecurity Framework.

So why the change in focus from compliance to risk? Much of the rationale is due to digital transformation, or DX. When we move from traditional business models to digital business models, we greatly increase the attack surface for bad actors (people who exploit a vulnerability, also known as “black hats”), and therefore increase our cyber risk. The more we digitise, the greater the risk. The other thing to consider is the move from in-house IT and monolithic outsourcing to cloud-based computing and multisource suppliers. The Target breach was carried out through their HVAC (heating, ventilation, and air conditioning) service provider. The attackers used simple exploits to gain access to the supplier and then on to Target, which was their… target. Lastly, the level of sophistication used by nation states (foreign governments) and organised crime is way ahead of most organisations trying to protect their digital assets. They use machine learning, artificial intelligence, social engineering, and publicly available information to launch their attacks. Unfortunately, we have to be successful in defending all of the time; they only need to be successful in attacking once.

The combination of digital transformation, supply chain risk, and advancement in the capabilities of bad actors means we cannot assume our traditional compliance will protect us; we need to assess our cyber risk on a daily basis. What have we changed? What new risks are we facing? What mitigations do we need to apply? We make these assessments today, again tomorrow, and we need to keep making them on an ongoing basis.
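As an added illustration (not code from the original post) of the gap analysis the framework describes and of the ongoing reassessment argued for above: a simplified model that scores each of the five CSF functions against a current and a target Implementation Tier, weights the gap by likelihood and impact, and re-scores when a third party is added to the ecosystem. The function and Tier names are NIST CSF 1.1's own; the scores and the supplier-onboarding scenario are constructed sample data, and scoring gaps by Tier is a simplification of the framework's current-versus-target profile comparison.

```python
from dataclasses import dataclass, replace

# Tier labels are NIST CSF 1.1's own; every score below is constructed sample data.
TIERS = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}

@dataclass(frozen=True)
class Assessment:
    function: str        # one of the five CSF functions
    current_tier: int    # Tier practised today (1-4)
    target_tier: int     # Tier the business needs (1-4)
    likelihood: float    # 0-1: chance a weakness here is exploited this year
    impact: float        # 0-1: relative business impact if it is

    def gap(self) -> int:
        """Tiers still to climb; at or above target means no gap."""
        return max(0, self.target_tier - self.current_tier)

    def risk(self) -> float:
        """Managing risk means managing likelihood *and* impact, so score both."""
        return self.likelihood * self.impact

    def priority(self) -> float:
        """A gap only matters in proportion to the risk it leaves exposed."""
        return self.gap() * self.risk()

def gap_report(assessments):
    """Open gaps, highest priority first: (function, current, target, score)."""
    open_gaps = sorted((a for a in assessments if a.gap() > 0),
                       key=lambda a: a.priority(), reverse=True)
    return [(a.function, TIERS[a.current_tier], TIERS[a.target_tier],
             round(a.priority(), 2)) for a in open_gaps]

def reassess_after_change(assessments, touched, uplift):
    """Re-score after a change such as onboarding a supplier: each function the
    third party touches gains attack surface, so its likelihood rises (capped at 1)."""
    return [replace(a, likelihood=min(1.0, a.likelihood + uplift))
            if a.function in touched else a for a in assessments]

# Constructed profile: where we are, where we need to be, and what is at stake.
BASELINE = [
    Assessment("Identify", 2, 3, 0.5, 0.6),
    Assessment("Protect",  2, 4, 0.4, 0.9),
    Assessment("Detect",   1, 3, 0.6, 0.8),
    Assessment("Respond",  3, 3, 0.3, 0.7),  # already at target: no gap
    Assessment("Recover",  2, 3, 0.2, 0.9),
]

if __name__ == "__main__":  # a new facilities supplier now touches Identify and Protect
    print("baseline:", gap_report(BASELINE))
    print("after onboarding:", gap_report(reassess_after_change(BASELINE, {"Identify", "Protect"}, 0.3)))
```

Running it shows Detect at the top of the baseline list, and Protect jumping to the top once the supplier raises its likelihood, which is the point of reassessing after every change rather than once at audit time.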

So, what can you do? Start by asking three questions:

  • How are you integrating cybersecurity into your digital transformation?
  • What does your supply chain look like? Remember that supply chain risk from a cyber perspective is not about securing the supply of goods and services, although that is important; it is about understanding how your cybersecurity risk may have changed by including a third party in your ecosystem.
  • How are you applying risk management techniques, systems thinking, and agile ways of working to your cybersecurity capability?

The NIST Cybersecurity Framework, combined with an agile way of applying cyber risk management, provides an excellent foundation for DB Results’ digital customers. We have unique capabilities in this space and are helping both state and commonwealth governments prepare for the digital age. In a recent engagement with a large state-based government agency, DB Results created an ITIL Operating Model based on SIAM, a methodology for organisations to integrate and manage multiple technology service providers. We built a NIST CSF cybersecurity overlay, embedding best practice cyber controls and risk management processes across the agency’s business and IT operating model.

If you have any questions or comments, get in touch.
