The Top 3 Security Program Tasks to Tackle in the New Year

Andrew Hay

In the spirit of the New Year, it’s time to reflect on the past and make measurable resolutions for the future. Many people use this time to focus on personal goals, but it’s also important to think about what you can do to improve the security of your business. If you’re looking for ways to boost your company’s security posture in 2022, here are three tasks that you should add to your list.

Review Your Security Program

The annual review of your information security program is not only a good idea but, depending on your regulatory compliance requirements, may also be mandatory. We strongly suggest that every security executive review their existing policies and standards to make sure that they:

  1. Continue to align with the requirements of the business,
  2. Are not obsolete or referencing technology/business areas that are no longer relevant, and
  3. Are clear, concise, and meaningful to the target audience.

Conduct a Risk Assessment

Identifying and remediating risk helps you, your team, and the business understand what gaps exist and just how big and far-reaching those gaps are. It’s not difficult to conduct an internal risk assessment against the framework your security program is based on, but you may find it difficult to objectively assess how well (or how poorly) you’re performing in certain areas. An objective third-party risk assessment against that framework may be a better fit to help you identify new risks and confirm the closure of previously mitigated ones.

Prioritize Remediation

With your completed risk assessment in hand, the next “resolution” should be to prioritize the remediation of identified gaps in achievable and measurable milestones. You should work with your internal and external stakeholders to assign each risk to a 3-, 6-, or 12-month bucket, with each bucket managed as an individual project. Not only does this help you schedule and delegate the remediation of risks, it also helps you hold yourself, your team, and the business accountable to the remediation process.

With the rapid changes in technology, it’s important to review your security program on a regular basis to make sure you are not spending time and resources protecting obsolete areas. Conducting a risk assessment against the framework your security program is based on will help identify gaps in your current posture, policy, or processes so that they can be remediated with appropriate prioritization using a 3-, 6-, and 12-month schedule for maximum effectiveness – and accountability. To learn more about how Lares can assist you with these and other tasks, please contact us today!


©2019 Lares, LLC | All rights reserved.