It all Starts with a requirement which makes up a compelling Business Case

A perfect business case starts with a revenue model and target of $ 10 Million YoY and cost of development is approx $ 500K in 6 months.

Statement sounds familiar?? Yesss Absolutely - It makes good Business sense - Why Not and Cybersecurity is Definitely not your Business; So.... Why should anyone talk about Cybersecurity in the Beginning.

The Basics & The Strategic aspects influencing the need for security

• Is your Business relying on technology in any form ?
• Do you use internet for any business purpose - as simple as hosting your website ?
• Does your employees have Company Identities - not just a user accounts ?

If the Answer to any of the above is YES; Not Talking about Cybersecurity then is a Bigggggg Mistake and Be sure that someone would find out sooner or later
 

Verizon Data Breach Report 2019 says

• 52% of cyberattacks involve hacking - which is no Big Deall these days: anyone can Hack
• 34% of attacks involved insiders - All you need is an Ooops from a Novice employee
• 43% of cyberattacks were on small businesses - out of which a confirmed chunk of incidents total up to 27000

Lets spend a minute to understand What is Cybersecurity and Why we should we think about it? Cybersecurity: simply put - Its a Practice of Protecting Assets in the Virtual World from both intentional and unintentional means. In order to understand Why Cybersecurity: lets review a situation?

If the there is an ATM machine, if anyone is able to find the key; they can just punch in a number and walk away with some cash. Is that called a Crime? - Remember; there are no Rules or law governing the above ATM Machine. What if you can do the same thing - being 5000 miles away from the ATM ...!!! Even if there are laws governing the use of ATM; it may or may not apply to you. Is THIS a Crime? Probably now security would be of a consideration.

A Business situation:

What is an Asset - something of Worth; When in Business - What is your Asset - Lets say; a "Plant Machinery" which runs on "Electricity" Can someone steal it? Neaahhh.. Its Toooo Biggg....

What does it mean to your Business if something goes wrong with it - Company would incur a loss

Do you want to prevent Losses to your company - If Yes; then you need to ensure its Secured ENOUGH!!!

Apply Internet 2.0 to the same Business situation; Replace: "Plant Machinery" = "Web Application"; "Electricity" = "Internet" - - Restart & Re-Do The Same Business

What is an Asset - something of Worth; When in Business - What is your Asset - Lets say; a "Web Application" which runs on "Internet" Can someone steal it - ....????????.....

What does it mean to your Business if something goes wrong with it - Company would incur a loss

Do you want to prevent Losses to your company - Yes; then you need to ensure its Secured ENOUGH!!!

Notice how dynamics change with the New Age Fundamentals

When you are in Business; You or your Business is Producing something of WORTH in some form or the other which at the end is nothing but DATA; that is the New Oil meaning its the new Definition of Asset; The Business will incur losses if this Asset ='DATA' is compromised

• DATA Produced has to be Stored - Data at Rest - What if its Compromised
• DATA to be processed to do business - Data in Transit - What if its Modified
• DATA after serving its purpose has to be archived - Data Retention - What if its Stolen

Are all the above questions answered RIGHT in the beginning - IN THE BEGINNING ????? Furthermore: its a very important aspect to consider whether the Business requirements are being consolidated with regards to an Enterprise Architecture. Now is probably a good time to get a face off with an Enterprise Architecture Model: Example: Zachman Framework

While drafting a business case; first identify your individual Audience categories and then consider all perspectives. The resulting Business Case should then be evaluated on a risk based approach for its Pros and Cons.

At this stage: you should have a got a good idea as to: Why no One spoke about Cyber Security in the Beginning