Do I Need Enterprise-Level Cybersecurity?

Yes. Having several individuals follow cybersecurity best practices is great, but applying the same rules to every person in the organization is the best option. Management should have a written policy or plan that tells employees what is expected of them and what is approved for their use. This is especially true if you are a small business with no dedicated IT team. You need everyone in your organization to be aware of the risks and help fight them!

An organization should adopt an enterprise-level security framework to pull together all aspects of threats, vulnerabilities, and assets into one consolidated place. This will create effective scenarios to test real information systems by connecting the appropriate controls to mitigate and recover from data loss (Bosworth, Kabay, & Whyne, 2014).

Standardizing and implementing common security controls throughout an organization is essential. This allows an enterprise to build a framework of policies and procedures for information assurance (Symantec, 2010). NIST SP 800-53 Revision 4 outlines a set of controls that an organization may use to build a framework covering mobile and cloud computing, insider threats, applications, supply chain, advanced persistent threats, and the trustworthiness, assurance, and resilience of information systems (NIST, 2013). These controls are designed for Federal agencies as part of the Risk Management Framework; however, they are open for public use and may be adopted by any organization.

References:

Bosworth, S., Kabay, M., & Whyne, E. (2014). Computer Security Handbook (6th ed., Vol 2, pp. 3.19-3.20). Hoboken: John Wiley & Sons.

NIST. (2013). Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

Symantec. (2010). Protect the data: Best practices for security policies. Retrieved from https://learn.umuc.edu/d2l/le/content/111763/viewContent/3861729/View
