Skip to content

Term of the Week: Situational Awareness

What is it?

An ongoing process to define an organization’s risk and threat environment as it relates to its people, processes, policies, and technology.

Why is it important?

Situational awareness provides the foundation upon which to build a strategy for all other activities related to safeguarding your information and reducing cybersecurity risks. Every organization is unique in its mission, culture, and function; therefore, effective risk management requires that business professionals maintain situational awareness to ensure proper focus and perspective.

Why does a business professional need to know this?

The success of any cybersecurity risk management program depends on the ability of an organization to protect information and digital assets. In order to define a cybersecurity risk strategy, business professionals and cybersecurity specialists must understand the environment their organization operates in. In other words, they must have good situational awareness of their environment.

The situational awareness process considers all aspects of an organization from supply chain to information technology in relation to potential cybersecurity vulnerabilities and threats. For example, what would be the impact on your organization if you lost critical privacy or intellectual property? Would such a loss require operations to cease for a period of time or even permanently? Can you manage the operational impact?

If you attempt to define a risk management program without good situational awareness, you are likely to waste resources on strategies and safeguards that either do not achieve an optimal Return on Investment (ROI) or are ineffective.

2013, the danger of losing situational awareness became clear to the department store chain Target when the company’s vendor system was breached, costing the retailer millions of dollars and damaging its reputation(Abrams 2017)(Kassner 2015). Vendors often have access rights to intellectual property, privacy data, and information systems across multiple business units and functions. Understanding their role in your environment is key to developing an effective strategy to manage cybersecurity risks.

References

About Danyetta Fleming Magana

Photo of Danyetta Fleming Magana

Danyetta Fleming Magana founded Covenant Security Solutions in 2003. Her goal is to change how we think about our information and find new and innovative ways to secure our digital assets. Danyetta is a Certified Information Systems Security Professional (CISSP), a globally recognized certification in the information security arena. In 2011, 2012, and 2014, her company was recognized by Diversity Business as one of the “Top 500 African-American Owned Businesses in the US.” She is a graduate of the University of Illinois Urbana Champaign with a bachelor's degree in engineering.

Term: Situational Awareness

Email: fleming_danyetta@covenantsec.com

Website: covenantsec.com

Twitter: @fleming_magana

LinkedIn: linkedin.com/in/covsec4u

Facebook: facebook.com/covenantcyber

Leave a Reply

Your email address will not be published. Required fields are marked *