How Much Cyber Security is Enough?: Securing mid-sized financial organisations in Australia

摘要

Cyber security is a risk: the risk that the company's information assets will be compromised in a way that affects their data's integrity, availability, and/or confidentiality. Like any other enterprise risk, cyber risk needs to be managed in a way that balances the cost of risk realisation against the cost of mitigating that risk. Defence in depth is a seemingly simple and logical approach to protecting systems and data, but is defence alone enough, and how much is needed? Local and global standards and guidelines direct companies in where to focus their mitigative efforts, but for the uninitiated, these can be confusing. Cyber security is an expensive exercise, with much at stake. By taking a practical approach that combines people, policies, processes as well as technology, organisations can manage the cyber security risk to protect their critical and sensitive information assets, and comply with government regulations, within a reasonable budget.