Cayman News Service published an article on February 29, 2016, about the Cayman Islands government’s being under-resourced.
“Commencing with strategy and scope, Security assessment will bring hope, with impact and projections calculated.”
Security spending should be in line with the cost of a security breach and the resulting activities, including response, recovery, and business continuity.
The government should assess and prioritize risks. To justify the investment in security, you must assess and prioritize your organization’s risks. Risks cannot be completely estimated, only mitigated. A Risk Assessment approach should be taken. The process may appear daunting, but keeping it simple is key. It involves identifying the assets, vulnerabilities, threats, risk scenarios, their likelihood of occurring, and potential impact.
The process of a risk assessment involves security professionals carrying out the following stages:
- Scope: The scope of the assessment, network layout, and assets are determined. This is achieved by holding high-level risk workshops and interview stakeholders.
- Assessment: A risk workshop will help identify and prioritize business risks.
- Presentation: presenting your findings is key to the development of the government and organization.
According to Cayman News Service (CNS), “The government is still not investing enough in information technology to ensure its future security or the necessary systems required to move towards comprehensive e-government services. Computer services are still operating on half the budget it had in 2009 and is still under-resourced, despite warnings from the Office of the Auditor General (OAG) going back to 2012 that not enough was being invested in technology and government was not making IT security a priority.”
Not investing in your country’s own Cyberdefense can become a severe issue when the attack or breach happens. The problem is that the government does not have a proper strategy in place, and as a result, government IT systems were now in a much better position than when the audit was done. Having these frameworks developed for the government is vital in responding and mitigating the threats.
Contributed by: Daval Gregory from Jamaica. Daval is a member of the CCST Discord group from the G5 Cyber Security Foundation Ltd. Learn more about CCST (Caribbean Cyber Support Team) by visiting caribbeancst.org. CCST is a collaborative group on the Discord platform for Caribbean people in IT, from beginners to experts.