CISO as a Service
The single most important role in defining a cyber security strategy is the company Chief Information Security Officer. This role requires involvement in the company's business development and goals on one hand and technical understanding of IT and cyber security practices on the other. It takes a good CISO to grasp the risk facing the company's information assets and to devise a practical strategic plan. It takes a great CISO to create a business environment in which cyber-risk is managed properly by the company's decision makers.
Maya Security offers that great CISO service to companies who value their information assets and want to intelligently manage their cyber risk to acceptable defined levels.
Decisions on cyber defense should be based on knowledge and experience. Instead of being reactive towards cyber events or vendors selling panic and new technology solutions Maya Security helps the company map its data assets, determine its acceptable risk levels, devise a long-term plan and intelligently mitigate cyber risk.
Just as each company is unique in its business structure, goals and culture and faces different cyber-risk; a unique strategy must be tailored to the company’s needs to protect its information assets in the cyber realm.
Cyber-Technology & Architecture
Through myriad technology solutions the company needs to bear in mind two factors:
1. Complexity is the enemy of security. Use as little solutions as possible to get the maximum level of protection as mandated by senior management. (This also helps to keep costs low)
2. Use Defense in Depth strategy and avoid single points of failure. Have the attacker face more than a single barrier in each attack vector.
Maya Security offers superior cyber security architecture by knowledgeable use of these two factors, coupled with cutting edge cyber technology expertise to achieve ultimate utility of cyber technology solutions.
According to research, 80% of cyber incidents originate in internal-user error. Other research points to 90% of malware incidents originating in employee falling for phishing attempts. Employee awareness training and senior management guidance and support in cyber risk management and technology dramatically lowers cyber risk, increases awareness and promotes better handling and protection of information assets.
Regulation & Standards
Whether mandated by regulation or a decision made by management – adopting security standards can be more than a plaque on the CISO’s wall. Maya Security works with the company to harness the standards or regulation and makes them work for the company. Be it ISO27001, GDPR these standards and regulations should be handled as any other risk (if mandated by law) and once a decision has been made to apply them to the company, they should be applied in the company’s best interest and in a manner which supports the company’s goals and objectives.
Cyber intelligence can take many forms: from human or pseudo-human actors running virtual avatars to infiltrate dark web hacker forums to data regarding vulnerabilities and patches for software and firmware. Whichever type of cyber intelligence required by the organization – it must be tightly-tied to the organization’s specific structure and needs.
Maya Security brings targeted cyber intelligence to decision makers so that they can intelligently manage risk and respond only to cyber threats relevant to their company.