6 Questions for Building and Scaling a Cybersecurity Plan

Creating a cybersecurity plan is the first step in starting secure and staying secure. Keep it in mind when planning a budget, getting support from staff, and setting company goals. Here are six essential questions to ask yourself when getting started.


WHY should you add a cybersecurity plan to your budget?

Don’t wait until there is a problem to start thinking about a cybersecurity plan. You may not have considered cybersecurity in your budget. When there is an attack, the costs – both to the bottom line and to your reputation – can be substantial. When creating a budget, consider allowing for investments to strengthen your cybersecurity. It could be for outside support, tools and services, or upgrades to hardware. In the long run, it may be less expensive to consider these preventative measures now than to deal with the fallout of a costly attack later.

WHEN should you start?

There’s no better time than the present. It’s never too late to start, and if you have a cybersecurity plan in place, we advise revisiting it regularly to make improvements.

WHO should be involved in building your cybersecurity plan?

There is a misconception that only IT professionals should create, manage, and implement a cybersecurity plan. The reality is that cybersecurity should be on everyone’s to-do list. Getting buy-in from leadership as well as being transparent with staff enables cybersecurity to become a priority across the organization. Everyone has a role to play.

WHAT is your level of risk?

No one can prevent every attack or plan for every situation. A company should assess its risk and create a plan that aligns with that risk. Use these questions as a starting point:

  • Do we need to comply with any industry frameworks?
  • What are the potential costs of a breach?
  • What do we have in place already?
  • If there is a breach, what should we do?
  • What can be fixed now that offers the best protection?
  • Are we measuring against industry standards like the CIS Critical Security Controls (CIS Controls) and CIS Benchmarks?

WHERE do you find help?

Starting or updating a cybersecurity plan can be daunting. You not only have to create and implement a plan, but you must also continue to monitor your configurations to keep them from drifting or weakening over time. CIS offers CIS SecureSuite, a membership program designed to offer integrated tools and resources that can help you maximize your use of security best practices. For example, Members have access to the CIS Controls Self Assessment Tool (CIS CSAT), through which you can prioritize and track your implementation of the CIS Controls. Membership also provides access to CIS-CAT Pro, which enables users to automate configuration assessment scans against the CIS Benchmarks.

HOW do you scale your cybersecurity plan?

To ensure your cybersecurity posture is strong over the long term, you must continually reevaluate your answers to these questions based upon the changing technology and threat landscape. Along the way, you may find that you need to scale your cybersecurity efforts in a way that aligns with your business requirements. This can be difficult to do on your own.

Once again, this is where CIS SecureSuite can help. Membership enables you to map out your implementation of security best practices so that you can grow your cybersecurity maturity. This strengthens and streamlines security defenses without wasting time and resources, thereby supporting – not inhibiting – profitable business growth.