Cyberlink Security


Who are my Cyber Stakeholders?


This is the third article in a blog series I started to find out, together with the members of the ISO27001 group on LinkedIn, how you can use an ISO27001 ISMS to build your cybersecurity strategy. In this post I would like to explore with you how we can identify our stakeholders and their interests, and how they relate to our scope.

When you are implementing an ISMS, one of the first items on your to-do list is defining a scope. Which processes, systems or locations will the ISMS manage? You should choose the right scope: too small and the certification will be useless, too big and the implementation will be too complicated.

For your cybersecurity strategy, you do not have the luxury of choosing an appropriate scope, because your whole digital landscape is your scope. All systems, all storage and all interfaces are in scope because they are all potential targets of a cyber attack.

Why is that? The reasons have to do with both the threat agents and the tools they use. A cyber attacker (threat agent) does not care about your scope; he/she goes for the systems that are available, and preferably the ones that are easy to break into. Most hackers are not superhumans who can bend time and space. They are lazy like the rest of us and use automated tools to hack into your systems. And because they use automated tools, they will potentially hit each and every system in your organisation. (Mind you: I am not talking about the so-called state actors here. They often have very specific goals and targets, and almost unlimited resources and time.)

Setting such a wide scope for your cyber security strategy will help you to find your stakeholders as well. As with a lot of things, there are many levels to this stakeholder identification. At the top level you have ‘mandatory’ stakeholders like governments, customer bodies, laws and regulations and perhaps regulators that manage licenses you need to operate. This is no different from the mandatory stakeholders you have for your ISMS. When looking at your cyber security strategy, your national Data Protection Agency deserves special care. In my experience, 99% of all organisations process Personally Identifiable Information (PII) and are therefore bound by laws and regulations like the GDPR. In the case of a successful cyber attack, this PII is almost always hit (it may even be the target of the attack) and you need to respond accordingly. This makes proper incident response a key part of your strategy (more on this in one of the next posts).

As your organisation is often part of a larger value chain, your chain partners are obviously also stakeholders, as are the parties whose data you process. These chain partners will be concerned that you protect their interests, but you will also need to protect yourself from any impact that arises if they suffer a cyber attack.

So far we have identified external stakeholders, and as you probably guessed, there are internal stakeholders as well. You can use the same method to identify them that you used for an ISMS. You will need to identify the owners of your systems, the owners of the information that is being processed and the management team that aligns the business goals and daily operations. You may also need to identify any development department that builds and maintains your applications, finance, maybe HR and your internal customers. All of these parties have a stake in the digital processing and need to be taken into account when planning your cyber security strategy.

Next time I would like to explore this stakeholder/responsibility relationship a bit further in relation to cloud-based services. A lot of organisations are outsourcing parts of their IT processing, and this must be a part of your cyber security strategy.

Until next time, stay safe!

Arthur Donkers 
