
Is Your Cybersecurity Failing? Here’s What to Look at First.

By Chris Hughes | June 23, 2022 | Updated: July 3, 2022 | 3 Mins Read

It’s no secret that many organizations across the industry are failing when it comes to effective cybersecurity. The headlines are rife with data leaks, breaches, and ransomware incidents. That said, there are many organizations making incredible headway in building mature and effective cybersecurity programs. If you fall into the first category, we will take a look at some high-level fundamentals that should be present in nearly any organization to drive down risk.

Critical Controls

Organizations of all shapes and sizes have to deal with security controls. Most organizations fall under at least one, and often several, regulatory frameworks such as SOC2, HIPAA, HITRUST, PCI, FedRAMP, and more. Effectively implementing all of these security controls at scale can be challenging. Many of the frameworks include hundreds of controls, and far more when you account for sub-controls and implementation nuance.

A great place to start for any organization looking to get a baseline of cyber posture in place is the CIS Critical Security Controls. Formerly known as the SANS Top 20, the list now contains 18 controls.

The list includes absolutely fundamental areas such as hardware and software asset inventory, data protection, and access control, among others. Without getting these fundamental controls in place and working effectively, it would be nearly impossible to have a basic level of assurance regarding the cybersecurity hygiene of your organization and digital assets.

While these are titled critical security controls and there are fewer than 20, even the most mature and capable cybersecurity programs still struggle to effectively implement all 18 critical controls at scale, due to the dynamic and complex nature of most modern digital environments. However, failing to address these critical controls is comparable to negligence.

Vulnerability Management

Next up is vulnerability management: the practice of identifying, classifying, prioritizing, mitigating, and remediating vulnerabilities associated with your inventoried assets. Organizations of any industry, shape, or size must have a coherent and consistent process in place to deal with vulnerabilities.

Organizations must deal with vulnerabilities of all sorts, everything from misconfigurations and software vulnerabilities to policy and process gaps. Without a robust and documented vulnerability management process and program, you will struggle to mitigate vulnerabilities and will effectively leave an exponential attack surface open to malicious actors.

This is also easier said than done in modern environments, which are made up of complex relationships with business partners, managed service providers, cloud service providers, and externally consumed software across the software supply chain. That said, it is still a key imperative to address.

Cybersecurity Risk Management

Last but not least is the area of cybersecurity risk management, which also involves the previous two items discussed. This is the process of prioritizing cybersecurity defense measures based on the projected adverse impact of the threats relevant to your organization.

This generally involves understanding the threats involved, the vulnerabilities present, the probability of occurrence, and the potential impact. These can be weighed against the security controls in place, which often act as mitigating measures that ultimately reduce the overall risk.

There are a number of popular risk frameworks available as well, such as NIST’s Cybersecurity Framework, DoD’s Risk Management Framework, or more quantitative options, such as the FAIR Institute’s frameworks.

Regardless of the framework chosen, understanding your risk and how you’re managing it is key to improving your overall security posture and driving down any risk to your organization that exceeds your defined risk tolerance.


Chris Hughes is a Cloud Wars Analyst focusing on the critical intersection of cloud technology and cybersecurity. As co-founder and CEO of Aquia, Chris draws on nearly 20 years of IT and cybersecurity experience across both public and private sectors, including service with the U.S. Air Force and leadership roles within FedRAMP. In addition to his work in the field, Chris is an adjunct professor in cybersecurity and actively contributes to industry groups like the Cloud Security Alliance. His expertise and certifications in cloud security for AWS and Azure help organizations navigate secure cloud migrations and transformations.
