CYBERSECURITY MANAGEMENT DRAWS ON AN UP-TO-DATE CYBERSECURITY POLICY text: PERTTI KUOKKANEN Senior Advisor
Today AI based applications support people in current world more and more, also in cyber environment. Dealing with privacy, digital ethics and security challenges generated by AI, the Internet of Things (IoT), and other evolving technologies will become critical to maintain trust and avoid legal entanglements. Establish governance principles, policies, best practices and technology architectures to increase transparency and trust regarding data and the use of AI.
T
he vulnerabilities of modern societies are the main targets of cyber activities. Strategic level analysis, reports and discussion on how cyber events affect and how to respond to them are needed. How to solve and communicate this? Anticipatory management responds to the changes, weakening predictability of cyber events and shortened planning of the current operational environment. Thinking is focused on the creation of potential solution alternatives and purposeful selection between them. It gives also food for communication. KEEP THE CYBERSECURITY IN AN ORGANISATION’S FOCUS
Cybersecurity is a central part of organizational security. With the aid of cybersecurity policy, management specifies the objectives, responsibilities and operating guidelines of cybersecurity. The formulation of cybersecurity is directed by the purpose and strategy 46 | CYBERWATCH FINLAND
of an organisation’s activities, risk analysis, laws and regulations. Cybersecurity is a target by every state to create a trusted and protected cyber environment for the hole society. Cyber security is about maintaining the confidentiality, integrity, and availability of information, hardware, networks, software, and users throughout their lifecycles. Cyber security consists of collaboration between administrators and users and takes into account the impact of the cyber environment on the physical world. A top-down approach should be followed when implementing cybersecurity. According to such an approach, the roles and responsibilities regarding information security are prearranged and enforced by an IT authority level that carries more authority than the level below. Sufficient level of cybersecurity is a necessary prerequisite for the continuity and credibility of operations. The significance of cybersecurity has been continually
increasing in the management of organizations and in ensuring their operating ability as well as in maintaining disturbance-free and efficient operations. Cybersecurity can be viewed at different levels of management. Strategic management is people and policy focused (management). Tactical management is security process and standards focused (development). Operational management is technology and procedure focused (maintenance & monitoring). USE STRUCTURAL APPROACH TO MANAGEMENT
Today, it is necessary that broad technology decisions and policies with regard to enterprise wide management of information systems security are made at the top managerial level. Cybersecurity management must be arranged so that the set objectives are in the right proportion to an organization’s overall security and so that
