Typically, when speaking to business leaders about their cybersecurity status, many times they say, “My IT people are handling that!” To which our response is, “how do you know”?
How do you know that everyone involved understands your security expectation and their role in your security program? We refer to this aspect of cybersecurity as organizational alignment.
Alignment means that everyone understands the security needs of the organization and in what ways they, individually, are responsible for helping to meet those needs.
Alignment starts with senior leadership defining security goals for the organization and communicating those goals to everyone with a role in security, including workforce, vendors, and customers.
You need your organization to be in alignment across three principles of security: