I talked, earlier this week, about the evident gap between the concern expressed (in the 2013 ISBS survey) by the majority of managers about cyber security and the fact that their organisations continue to be breached, and linked this to a lack of appropriate competences in their organisations.
I don’t think this is surprising – most organisations build their IT teams in order to deliver services to customers, and they don’t do this with cyber security at the forefront of their minds.
The world has now changed – cyber security needs to be a core part of every organisation’s IT delivery strategy. In terms of skills and competences, this means that every organisation will need to employ people whose qualifications include ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISSP, CISA, CEH and CISM.
While a cyber security risk assessment is a sensible immediate first step for most organisations, the reality is that everyone is going to have to employ people with an appropriate skill set.