Monday, February 04, 2019

Cyber Threat Intelligence (CTI) Program

Does your organization and all your service providers have a Cyber Threat Intelligence (CTI) Program?
In other words what is the ability of your organization and your service providers to prevent cyber attacks?

Despite the little typo, the The 2018 ENISA Threat Landscape Report outlined CTI program representation in the picture is a starting point to consider reading the rest of this document that coverages current threats and safeguards that you should consider when going through quantitative risk management.

While we want security first and then compliance, both are as important. To achieve a high security maturity level we need to look at the strategy (compliance), tactics (ways to compile intelligence), operations (tooling), and technology (secure DevOps and SDLC practices).

My series about secure translations is actually applicable to any kind of service providers but naturally, based on my current role, I am concerned about the impact of globalization in security and privacy. I am particularly concerned about the modus operandi practices currently being used by multiple top Language Service Providers (LSP).

It is worrisome to see claims about security in LSP corporate websites that tend to deceive customers. For example the claim that they hold security reports and certifications pointing to the hosting providers they use. Let us make this clear, security is not reached because you ride on a mature hosting provider. Instead, security is a journey that an organization decides to make and that must cover internal strategic, tactical, operational and ultimately technical/logical areas.

If you are an international organization executive you should be aware that the biggest cyber-risk faced by your organization lies on the fact that your LSP of choice cannot deliver secure translation services. All efforts around internationalization, localization, trans-creation and therefore globalization might be actually compromising your bottom line.

No comments: