- the concepts and recommendations discussed in Microsoft’s policy paper: Developing a National Strategy for Cybersecurity; and
- how your business could improve its cybersecurity by considering the recommendations in this paper.
What is cybersecurity?
Why a national cybersecurity strategy? What’s a national cybersecurity strategy?
Ok. But what makes a successful national strategy?
Well, Microsoft reveals that there are three critical qualities to a successful national strategy:
- They sit within ‘living’ documents developed in collaboration with major public and private stakeholders. In other words, the strategy is constantly changing to adapt to the developing digital landscape.
- ‘They are based on clearly articulated principles that reflect societal values, traditions, and legal principles.’ Each nation has a different culture, and a national strategy should consider this.
- They are based on a risk-management approach, which embraces both risk mitigation and risk acceptance.
And here are some of the things that a national strategy can do:
(Source: Microsoft’s Developing a National Strategy for Cybersecurity)
Microsoft’s six foundational principles for a national cybersecurity strategy
As described earlier in this article, a national strategy must, at its core, be unique to the nation to which it belongs. To develop a bespoke strategy, Microsoft recommends using the following foundational principles as the base for any national strategy:
(Source: Microsoft’s Developing a National Strategy for Cybersecurity)Cascading from these principles are several recommendations from Microsoft. To learn more about these recommendations, you should read Microsoft’s policy paper (here). Here are a few of the standouts:
- Develop a clear structure for assessing and managing risk across the strategy
- Establish both critical and minimum security baselines
- Recognise a role for continuous monitoring of systems and protection of data
- Building Incident Response Capabilities
- Workforce training
Alright. This is great. But what does it all mean for my business?
Microsoft believes that every country should have a national cybersecurity strategy. And we agree. What’s more, every business should have its own national cybersecurity strategy, except that the nation in your case, is your business itself. Boom.
Applying Microsoft’s six foundational principles to your business’s cybersecurity strategy should help build a robust strategy that will keep your business safe from people looking to exploit the vulnerabilities of the internet. While it may not eliminate all risks, it will help cement the processes that will enable you to continue to run a successful business.
If you want some guidance on how to develop your own cybersecurity strategy, give us a call. We’re always happy to audit and improve your cybersecurity systems.