Collaborative cyber security  

Are you a cyber security consultant? Do you feel like you’re faced with an overwhelming amount of information, problems and confusion? This isn’t uncommon for any cyber security consultant when joining a project, especially if it’s been running for some time and you’re new. 

One of the first things you should be tasked with is producing a risk assessment. The Prepare Step of NIST 800-37 is there to help with that. But should you be doing this alone?

No. You need help to do this. Any risk assessment produced in isolation is likely to be inaccurate or unhelpful to your project. It also reinforces the perception that cyber security is an isolated task, and isolates you.  Instead, you need to engage the right stakeholders and draw out risks that the subject matter experts are probably already dealing with.   

This may be a new skill for you. You need to bring non-security people together and explain why risk management needs their involvement. Then take issues from them, define the risk and escalate where necessary. Experience in this area has taught us that risk workshops are the best way to do this. Typically, as a cyber security consultant, you should seek to do this as soon as you arrive on a project and need to identify risks.

Workshops with your peers are the best way to identify risks and to find solutions. We recommend going through the stages of the Prepare Step and getting everyone to contribute to each stage. Discussion at each of these stages will provoke useful debate at the very least. At best, it will bring everyone together and identify risks that may have been previously overlooked. An added benefit of conducting workshops can be that everyone feels included in the process of identifying and managing risks. This not only brings the team together, it also improves understanding of what security risk management is and promotes the idea that security risks are really project risks.

So, if you’re a cyber security consultant and you feel like you’re struggling, bring your team together and find some risks! If this is new to you, don’t hesitate to ask Bee-net for help.  
