While some may argue consistency in cyber security is symbolic of conformity and inflexibility, Serco's head of ICT security and risk, George Arronis, disagrees, claiming it is key to organisations - particularly those with multiple arms and branches - becoming cyber resilient.
Speaking at CeBIT 2013, Arronis said the basis of security is that it is not an end game, but a process, making consistency vital in the proactive race to remain ahead of security threats.
"You review [cyber security], tinker with it, and make appropriate judgements over time," he said. "It's not about perfection but rather flexibility in approach to build up to resilience."
Consistency therefore transforms security culture from a list of dos and don'ts to a discussion. This in turn enables a holistic view and posture assessment where a dashboard view can be utilised across the entire organisation while leveraging common platforms for efficiency.
Arronis also said consistency allows organisations to combat the key change in the cyber security space: the players. A continuous approach allows a better understanding of their challenges and of how the impact can be addressed.
How to walk the consistency talk
For Arronis, the four elements of practicing consistency are:
- Embedding security and risk management into the project life-cycle.
- Targeted assessments against internal control framework.
- Common technology platforms, for example web and email filtering and mobile device management (MDM).
- Communication of simple security messages.
While these are steps towards cyber resilience, Arronis also said "there is no such thing as complete security," which again supports the consistency strategy.