Organisations need to implement a comprehensive set of security tools that are appropriate to their businesses, says Jim Watson, and they also need to identify their most valuable and confidential data, ensuring that appropriate security tools and controls are used to minimise the risks involved.  Building on his earlier blog which discussed the role of organisational culture in mitigating cyber risks, he discusses the key requirements of IT security tools and controls.  He also explains the role that second-line risk management and compliance functions need to play in monitoring the security first-line controls, and the need for regular third-line internal audits to evaluate the effectiveness of governance, risk management and control processes.

Cyber security breaches regularly hit the headlines these days, and the fact of the matter is that we only hear about a fraction of the incidents that happen.  The threat of these incidents is a significant risk for organisations and breaches can have devastating results for the companies and people involved.  They can result in serious financial impact, lost customers and reputational damage to companies - even risk to health and life. In this blog, Jim Watson explains that people are often the weakest part of an organisation’s cyber defence, so organisations need to embed security within their culture and governance, ensuring that all levels of the organisation understand the importance and value of security.