Analecta Cyber Company Blog: Communicating Your Company’s Mission, Objectives and Activities for Optimal Cybersecurity

2018-03-15

Communicating Your Company’s Mission, Objectives and Activities for Optimal Cybersecurity

Security leads must understand the overall purpose and goals of the organization to better protect your company’s most vital assets.

Your organization’s mission is important and is probably well understood by company leaders, but do your cybersecurity personnel understand it to the same degree? Cybersecurity professionals need to understand the mission in order to help prioritize their efforts in securing the IT infrastructure.

Communicating what assets are vital to business at an early stage


Shared understanding of the business plan and goals can lead to well-informed risk decisions. These, in turn, can influence not only technology purchases to meet the needs of the organization, but also management’s involvement in security initiatives.

The National Institute of Standards and Technology (NIST) supplemental guidance to the Cybersecurity Framework emphasizes that information protection needs are technology-independent capabilities to counter threats to organizations. These threats are a direct result of compromised information (such as loss of confidentiality, integrity or availability - the cybersecurity “CIA triad”).

In the Business Environment category of the NIST Cybersecurity Framework, the organization’s mission, objectives, stakeholders and activities are understood and prioritized. This information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

How do objectives and activities support the mission?


The organization’s mission describes the purpose of the company, the reason it was created in the first place. Objectives are the points along the path that lead your organization toward its mission. These measurable targets help you achieve your business goals. Knowing the core business objectives helps the technical team manage risks to these objectives.

Activities can be thought of as the actions taken toward meeting the organization’s objectives, and they are in line with the overall mission of the organization. Critical business activities are functions that are important to the survival of your business.

Examples of critical business activities include activities that:
  • Are the most sensitive to downtime
  • Safeguard irreplaceable assets
  • Fulfill legal or financial obligations to maintain cash flow
  • Play a key role in maintaining your business’s reputation and/or market share

To secure the right assets to the right degree, the organization needs to clearly identify its mission, actions and the assets that enable those actions. From a technical standpoint, this includes:
  • Identifying the core organizational mission that is supported by each system.
  • Breaking it down into the specific functions needed to perform that mission.
  • Tracing down the hardware, software and firmware components that implement those functions.
The assets are the key, but only as far as they align to the activities under the mission.

Sharing the message of cyber responsibility


A common misunderstanding of business goals can lead to improper alignment between information security and business objectives. If your cybersecurity professionals do not have the right information when planning, their security initiatives may not align with the best interests of the organization. As always, clear communication is key for giving your employees a better understanding of how they fit into the overall mission, objectives and activities of your business.

Small business owners should take the time to interact on a personal level with those designing the strategy for protecting their business. Meeting to discuss the mission statement and the critical business functions is a must-have conversation with in-house security teams. Medium-sized businesses may benefit more from steering meetings where the technical team leads and the executives can discuss strategy as it relates to cybersecurity.

The logical next step is to convey action items via training and best practices to all employees.

Unfortunately, cybersecurity professionals who do not achieve the proper alignment to the company’s mission are often portrayed as roadblocks or choke points that “police” rather than “partner.” This can lead to employees circumventing basic security measures, which ends up being a “lose-lose” for all parties involved.

When systems are compromised, it is more than an inconvenience for employees or customers; it affects the bottom line. Cultivating a common understanding is easier than it sounds, and stems from employee engagement. Engage employees by establishing concrete ways they can help protect the company mission. Employees who know and fully understand the why behind their actions related to best cybersecurity practices are more effective when doing them.

How Analecta Cyber Security can help

 

Security is not meant to take place in a bubble. Analecta can work with you to understand which technical capabilities are tied to your organization’s mission, objectives and activities, and how cybersecurity supports these efforts. If you are looking for expert advice on implementing a cybersecurity program for your company, or need advice on where to begin, email us at info@analecta-llc.com. We are here to help!

Further Resources

  1. Framework for Improving Critical Infrastructure Cybersecurity - NIST 
  2. How to Get Employees Excited About Your Business Vision 
  3. Critical Business Functions Checklist from Prepare My Business.org