There is no perfect Cybersecurity

There is only perfect cybersecurity for your organisation.

That’s where Cybersecurity Governance, Risk and Compliance come in.

Sure, your organisation could turn off all the computers, barricade the doors and put guards out, not letting anybody in, even staff. But it wouldn’t be in business long, because it wouldn’t be fulfilling its purpose.

An oldie but a goodie – BBC Yes Minister – The hospital without patients

Security is always a balancing of risks

Security is always a tradeoff between confidentiality of information, integrity and also availability. These three objectives are in constant tension. If you have too much information availability, you might compromise confidentiality. Too much information confidentiality, you might compromise integrity. It’s like a three legged chair that’s always wobbly because one or other of the legs is too short or too long.

These tradeoffs lead to risks, both positive and negative.

• A website with lots of functionality and utility can have more vulnerability from attackers.
• A network that is cut off from the Internet is protected from external attack.

Making decisions about what  risks and tradeoffs an organisation wants and needs to accept sits with the executive.  They own the risk. Our team at Resilience Outcomes can help your organisation decide how best to navigate this complex area of governance, risk and compliance.