Business Process Revamp/Re-engineering is paramount in 2024:
Happy New Year everyone! This is to thank everyone in my network and the
entire Cyber Security Community that I associated and affiliated with in 2023.
Thanks for your patronage! Let us be optimistic and look forward to a more
productive year 2024. The threat vectors are overwhelming! There is a whole lot
of ongoing and outrageous investment in and deployment of Security tools, as
though it is ALL about how much and how many Security Tools are deployed to
maintain a resilient security posture. I suggest every organization needs a
revamp or a deliberate walk-through around its Enterprise Architecture (EA),
starting from:
1. The Corporate Governance of the Organization.
2. The Business Processes (with a level of granularity in each Business Unit).
3. The Information Technology Architecture (covering all the infrastructures;
the hosts; platforms; the Identity and Access Management (IAM) frameworks
(covering ALL Identities: Machine Identities, Application Identities, Federated
Identities, Cloud Identities, Internet-of-Things & Devices (BYOD)); the ERP or
Core Business Applications and other Third Party and in-house developed
Applications; the Electronic Channels and associated Applications; the Networks
and Telecommunications Infrastructures (Wide Area Network (WAN), Local Area
Network (LAN), the Clouds, the Internet, Wireless, extranets); the Systems
Infrastructures (Servers, Hosts, End-Points, the Data Center, Racks, the
Environments for Apps, End-users, Operating Systems and others); the
Information Technology Operations Center (Back-ups, Systems and Applications in
Custody, Daily routines around Applications, incident response plan, IT help
desk and other routines); the IT Risks Operations Center (Business Continuity
Planning (BCP), Disaster Recovery Planning (DRP)) and other lines of
Information Technology).
It is important to revamp or establish a walk-through around these processes
because it is no longer technology as usual in this age. The emerging and
evolving rate of Technology and Digitalization has created a wide paradigm
shift across all business Processes. A deliberate walk-through around ALL lines
of business with a granular approach would help us establish a clear-cut
Information Technology Security Architecture driven from the IT Security
Governance, covering the Policies, Standards, Procedures, Baselines and
necessary guidelines across the organization. Such revamps and re-structuring
would make Risk Management, Business Impact Analysis, Business Continuity
Planning and the alignment of processes with the standard frameworks more
seamless. Until we deliberately review each of these processes, it would be
difficult to establish a map-out or inventory of ALL your Information Assets
and the entire workflow. The truth is that organizations are embracing more
security tools rather than managing and streamlining what they have got for
optimal use. Permit me to reinforce that reviewing your portfolio and capacity
could reveal that quite a lot of your existing security tools are being
under-utilized. A revamp and walk-through around your business processes would
help organizations to seamlessly plug in more Tech Tools as Technology emerges.
Again, virtually ALL Business Processes are transforming rapidly with Artificial
Intelligence, Large Language Machine learning, Generative Artificial Intelligence
and most importantly the Cloud Subscriptions. Most businesses now prefer
their secondary or off-site environments in the Cloud; some also have their
development and testing environments in the Cloud. Inasmuch as it is good to
embrace the Technology as it emerges, I would suggest that organizations take
a thorough walk-through of their existing processes, gateways and outlets to
reveal the hidden lines that could pose issues of disclosures, leakages, breaches,
unauthorized tampering with Data, abuse of Privacy (both corporate and Personal)
and unauthorized destruction and denial of use when it matters most.
Your Information Technology Security Architecture is a clear-cut road map that
can assist your organization to run with a healthy Security Posture if only you
could pay attention to first things first: a thorough walk-through and revamp
right from the Organizational Governance down to IT Operations.
Your Security Team (Physical Security, Administrative Security and Technical
Security) or your Security Steering Committee could not achieve much in
this digital age if a deliberate structured walk-through, revamp or process
re-engineering is not established periodically and with a holistic approach. In
conclusion, each emerging Technology could give rise to loose ends in some
business Processes which may not be identified prior to or after implementation,
or are apparently detected only after the bad guys have scored a goal.
It is important to walk through each Business process with all stakeholders
involved. Always walk through with Industry-specific Standard frameworks;
Information Technology Standard Frameworks (ITIL-IT Infrastructure Library, ISO
22301-IT Service Mgt., ISO 20000-Business Continuity Planning, TOGAF);
Information Security Standard Frameworks (ISO 27001-InfoSec, ISO 27002-Codes
of Practice, ISO 27005-Risk Mgt., COBIT-Control Objectives for Information
and Related Technology); Data Privacy Frameworks (NDPR, GDPR, ISO 27018-Cloud
Data Privacy) and other necessary frameworks such as Artificial Intelligence
Standard Frameworks (ISO 42001) and Supply Chain Security Management
Frameworks (ISO 28000). Frameworks would help you with a clue and
checklist of what is expected in each line of Business with Security best practices
in mind and to ascertain seamless security plug-in with the edges in technology.
Frameworks are good for ascertaining the security or control gaps around your
business processes. Frameworks would also help Businesses to re-align with the
series of process modernizations currently ongoing across the globe. Your Security
Operations Center should re-align with the modernizations that are
automation-driven and with the necessary synchronizations and integrations that
would improve the rate of discoveries with transparent visibility and enhance
response plans.
Would it not be a great proactive move to revamp and walk through the
Business processes with optimal Security that would reasonably assure the
Confidentiality, Integrity, Availability, Privacy, Authenticity and Safety around
your Critical Information Assets in 2024? Policies are better off when they are
workable and could be seamlessly complied with and enforced.
I suggest you minimize cumbersome procurements in 2024 and embrace a
revamp or walk-through that could reveal the under-utilized resources that could
be re-engineered for Optimal Security. I also suggest you leverage
automations only when you have ascertained a thorough walk-through of your business
processes and could reasonably assure that there is minimal room for breaches,
disclosures and abuse of privacies.
Wishing every organization a Safe and Secure Cyber World!
Happy New Year from Chinatu Uzuegbu, Managing Cyber Security Consultant,
RoseTech CyberCrime Solutions Limited! Combating Cybercrimes.