The key to a successful information security program is ensuring that it stays aligned with overall business missions and objectives. A big reason why so many businesses fail to introduce effective security measures is that they reduce cybersecurity to a reluctant requirement that serves as a nuisance rather than an asset. Over time, this results in the maintenance of security controls being pushed aside in favor of business activities that appear more important.
When implementing an information security program, businesses should approach it as something that will enhance the delivery of their goods and services and thus support their bottom line. Thus, businesses should clearly define their key drivers, missions, and objectives as a starting point. These usually include general goals such as “providing a positive customer experience with our product/service” and “improving our products and services over time to increase profit”. Being able to answer the following questions can indicate how well the business understands its missions, drivers, and objectives:
- What are the top three revenue‐generating products by actual name?
- What is the specific problem each product solves for the buyer?
- Who are the top five buyers for each of these top products?
- What is the average gross and net profit margin on each sale?
- What is the typical order size and delivery time for each of these top buyers?
- Can you identify the specific fulfillment role of each individual across all of the
departments?
Once key objectives are defined, businesses can see how cybersecurity measures drive their success. Providing a positive customer experience requires protecting their personal data, providing them with fast and secure web pages and services, and safeguarding trade secrets and intellectual property to protect them from competitors. Moving forward, all information security-related activities should be approached with this mindset. They are enhancements to the things that really matter to shareholders, not money hogs that hinder them.