Foster Internal and External Partnerships
After completing this unit, you’ll be able to:
- Describe the role of internal partnerships in responding to business needs.
- Explain how to partner with external organizations to share security-related information.
Partner Internally to Respond to Business Needs
Leadership plays a vital role in the pursuit of internal partnerships to bolster cybersecurity. Some governance bodies that can be helpful in institutionalizing internal partnerships include steering committees, risk review boards, and informal/ad-hoc entities. Effective leaders develop partnerships before a crisis, not after. They also ensure that people understand their role if and when an incident does occur.
An important part of developing partnerships before a crisis includes involving all relevant stakeholders in developing a shared vision of the organization’s cybersecurity objectives. When the business supports the cybersecurity vision everyone is in a better position to understand risk management decisions. Leveraging internal partnerships help develop an understanding of risk, operational results, and enables you to work as a team to consider the best way to meet legal requirements.
Partner Externally to Share Information
When leaders partner externally to share information, it helps bolster an organization's cybersecurity. External partnerships and information sharing are particularly useful in addressing threats that span industries or countries, and those involving state-sponsored attacks. For one real life example of how an organization plans to partner externally, see the 2019-2021 Cyber Security Strategy of the Bank of Canada, which details how the institution works with industry partners to share information and strengthen its cyberposture.
In addition, data integration and shared analytics through industry organizations and public-private partnerships can build better levels of threat awareness and response capabilities. Building trust can best be accomplished by establishing strong external partnerships before a breach occurs. It’s important to be aware of the key government, law enforcement, and regulatory agencies in the jurisdiction in which your organization conducts business.
Both public and private sector leaders have a responsibility to create a culture of trust, and it’s key that they work together to develop policies that contribute to a given sector’s stability. Government may be uniquely positioned to share information on zero-day exploits or state-sponsored threats with industry leaders, while business leaders may have key intelligence to share on real-time threats and attacks. In addition to sharing information, when leaders undertake exercises of incident response with partners they improve cyberdefenses.
Sum It Up
By leveraging internal and external partnerships, a leader can create a shared vision of an organization’s cybersecurity, develop a holistic understanding of organizational risk, and protect against common threats. Now that you understand more about how to effectively leverage these partnerships to achieve these goals, let’s learn more about the cyber hygiene standards you should implement to protect your organization.
- External Site: McKinsey: A framework for improving cybersecurity discussions within organizations
- External Site: United States Computer Emergency Readiness Team (US-CERT): National Cyber Awareness System
- External Site: Threat Intelligence Reports Financial Services Information Sharing and Analysis Center (FS-ISAC)