Privacy and security are issues society struggles with on a daily basis, both in our private lives and in our work. We all strive to be happy, and safety is an important but an uncertain factor in our lives. When I was younger, I worked in prison, where I felt safer than I do these days on the Internet. In prison, there was insight into the threat landscape and the measures you had to take when threats occur. It was clear and visible. You simply had to press a red button and a guard or fence was there to protect you. The Internet, on the other hand, is complex, invisible and difficult to handle. There is a sense of urgency to have information security in place, but often one has no idea how to do this.
It is no longer a question if, but when, an organization will fall victim to a cyberattack. It is against this background of increased opportunity for information security breaches and heightened awareness of the repercussions of such breaches that organizations are seeking to protect their information and minimize the risk of possible damage resulting from a breach.
We observe an increase in awareness that adequate business information security (BIS) is needed, but with the increasing complexity of information security, it is important to ask ourselves how we can apply BIS effectively. The aim of our Journal article is to establish a core set of critical success factors (CSFs) that organizations can take into account when establishing a security strategy or implementing an information security program. We certainly tried to provide fresh and new insights in the CSFs needed to implement an effective business information security strategy. One of these CSFs is to “never waste a good security incident” and use it to accelerate.
Read Yuri Bobbert and Talitha Papelard-Agteres’ recent Journal article:
“Never Waste a Good Information Security Incident: An Explorative Study into Critical Success Factors for the Improvement of Business Information Security,” ISACA Journal, volume 3, 2018.