Control must be enforceable. If control can be circumvented or bypassed, then there is no point to deploy such control. That’s why we need to keep updating the system, infrastructure to sustain their effectiveness over time due to emerging threats are out.
There are many examples out there in the cyber world. Attack and defense are competing each other. Once in the digital journey, allocate resources to address multiple aspects to stay secure:
- Collect threat intelligence and their impacts to own environment
- Assess operation risks to prioritize protection
- Maintain workforce competency and situation awareness
- Refresh technology obsolescence
- Establish achievable and enforceable cybersecurity directives