Pieter Delport (right) and Ruan Koen at Noroff shared valuable knowledge about how to implement and manage cyber security measures.

Can two different companies apply identical protection measures against identical security risks?

The answer is a clear “no”, according to Associate Professor Pieter Delport and Assistant Professor Ruan Koen at Noroff School of Technology and Digital Media.

This week, they hosted a meeting in Kristiansand, assembling IT professionals from regional companies to discuss cyber security issues. This was the second meeting for what is called Agder Cyber Security Forum, an initiative from GCE NODE, Eyde Cluster, Digin, Noroff, NFEA and Maritime Forum South.

Delport and Koen stressed that every business is unique and needs tailored cyber protection solutions. «Are we doing the right things right», was the key question Delport and Koen posed to the audience.

“There is no blueprint in this game. Different countermeasures and implementation methods are required to address the specific challenges. It all starts with an analysis of context,” said Delport.

His message was that each business must define its own position and vulnerability, and apply the control mechanisms suited to their needs. This process must involve the entire company, and the management must be fully behind it.

FOUR STAGES
Koen and Delport identified four stages of a successful security implementation process.

  • Define and understand your context
  • Manage your risk
  • Identify and implement relevant security mechanisms
  • Continuously monitor your system

Koen stressed the responsibility shared by both the security team and the management of a company when it comes to preventing cyberattacks.

“You are the guardians of the most critical assets of your company. You need to control whether the measurements put in place work in practice. Ask yourselves; are you fulfilling your responsibility?” Koen asked.

A NEVER-ENDING PROCESS
Delport added that it is essential to have in place a management system which includes a plan for stress testing, drills, and desk exercises.

“It’s all about governance. Cyber security protection is a process, not a project. It has a starting point, but no end,” said Delport.

The second meeting in Agder Cyber Security Forum took place in Kristiansand this week.