{"id":12388,"date":"2022-12-15T10:33:41","date_gmt":"2022-12-15T09:33:41","guid":{"rendered":"https:\/\/www.dp-institute.eu\/?p=12388"},"modified":"2023-07-11T11:22:18","modified_gmt":"2023-07-11T09:22:18","slug":"the-cisos-role-in-building-a-resilient-cyber-security-architecture","status":"publish","type":"post","link":"https:\/\/www.dp-institute.eu\/en\/the-cisos-role-in-building-a-resilient-cyber-security-architecture\/","title":{"rendered":"The CISO’s role in building a resilient cyber security architecture"},"content":{"rendered":"


Every IT environment requires a secure architecture to withstand the cyber threat. How can you build or adapt your IT architecture to cope with the current and future threat landscape? And how will this architectural design fit in your overall cyber defense strategy? With these questions in mind, Stefaan Van daele, Executive Security Architect, IBM Security Elite team, exchanged views and discussed the CISO’s role during the first edition of DPI’s CISO certification course.<\/p>\n

Why is an organization attractive for cyber criminals?<\/strong><\/h3>\n

\u201cTwenty years ago, business security translated into tech solutions and reporting,\u201d says Van daele. “Still today, seventy percent of security is covered by compliance.” But a shift is needed: “Today, it\u2019s all about having a clear understanding of the threat landscape: knowing why your organization is vulnerable fuels your strategy and your budgetary needs.”<\/p>\n

Articulate the threat landscape to management<\/strong><\/h3>\n

Leadership must understand the costs and benefits of a holistic security approach, and it\u2019s the CISO’s job to clearly articulate them. Strategy and budget negotiations are core competencies of a Chief Information Security Officer. According to Stefaan Van daele, explaining the threat landscape to management is a conditio sine qua non for earmarking the cyber security budget that is needed. “According to IBM\u2019s annual 2022 Cost of a Data Breach Report (now in its 17th year of publication), the average cost of a data breach is \u20ac4.1 million. This insight can help management to understand the impact of cyber incidents.”<\/p>\n

Translate the threat landscape into a security architecture<\/strong><\/h3>\n

With a clear strategic plan at hand, the organization is ready to develop a security architecture. “But there is no such thing as A security architecture”, Stefaan says. “CISOs need to understand the difference between the structure and behavior of the organization’s security process (aka security governance; also referred to as Enterprise Security Architecture); the structural security components that are needed in the IT architecture, such as identity and access management principles, secure coding and security-related operations, … (the Security Architecture); and the security of a solution, such as a SaaS application (the Architecture of a Security Specific Solution). A CISO must understand the relations between these architectural tasks and how they interact.”<\/p>\n

Zero Trust as leading principle<\/strong><\/h3>\n

During the first CISO certification course, Stefaan explained the most common architectural designs in cybersecurity. One of them, Zero Trust, is explained more in depth. This architectural principle eliminates implicit trust and continuously validates every stage of a digital interaction. “Zero Trust is designed to protect modern environments and enable digital transformation by using strong authentication methods, leveraging network segmentation, preventing lateral movement, providing threat prevention, and simplifying least-privilege-related policies. Using Zero Trust as a guiding architectural principle is key to building a modern security architecture”, according to Stefaan Van daele.<\/p>\n

“During the first CISO certification course of DPI, it was my goal to bring the often very technical concepts of security architecture to a “suitable enough” level for the CISO to have a meaningful conversation with the architects on the one hand and the management on the other hand. It is important that they are all able to speak the same language, which is why this training is geared towards bridging the gap between business risks and the more technical side of things.”<\/p>\n


Are you ready to guide your organization towards a safe and sound information security framework? To get a 360\u00b0 view of all the cybersecurity issues that can help protect against unwanted events in the current threat climate?<\/h4>\n

Get on board for our full CISO certification training programme<\/a>.\u00a0<\/strong><\/h4>\n

Need to know more?<\/strong> Download our full CISO information brochure: CISO Brochure download<\/a>.<\/strong><\/p>\n

<\/h3>\n","protected":false},"excerpt":{"rendered":"

Every IT environment requires a secure architecture to withstand the cyber threat. How can you build or adapt your IT architecture to cope with the current and future threat landscape? And how will this architectural design fit in your overall cyber defense strategy? With these questions in mind, Stefaan Van daele, Executive Security Architect, IBM […]<\/p>\n","protected":false},"author":10,"featured_media":11903,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[37],"tags":[],"class_list":["post-12388","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/posts\/12388","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/comments?post=12388"}],"version-history":[{"count":7,"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/posts\/12388\/revisions"}],"predecessor-version":[{"id":13257,"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/posts\/12388\/revisions\/13257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/media\/11903"}],"wp:attachment":[{"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/media?parent=12388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/categories?post=12388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dp-institute.eu\/en\/wp-json\/wp\/v2\/tags?post=12388"}],"curies":[{"name":"wp","href":"https:\
/\/api.w.org\/{rel}","templated":true}]}}