top of page
  • Writer's pictureM. Bohnel

Inconsistency - The Silent Enemy Of Your Cyber Effectiveness

Strong security goes hand in hand with consistency. When you lock your house up for your annual vacation you go through each room in turn making sure that all the windows and doors are locked, and the burglar alarm is set. What you are doing is nothing short of executing a process. The larger the house the more time you spend on the process.

Even though this is a slightly trivial example it illustrates the need for process and discipline to make sure the likelihood of getting burgled is minimised. It is only through the rigorous adherence to the process that consistency is achieved – in our example all entrances and ways into the house are secured. A more haphazard approach may have missed the closet window because the closet is hardly ever used, which would have resulted in the whole security of the house being undermined through a simple lack of consistency.


The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) is recognised across the world as the gold standard for assessing cybersecurity maturity. The core functionalities of the framework provide organizations with a structured approach to managing cybersecurity risks across their entire enterprise, from identifying vulnerabilities to responding to and recovering from security incidents.


Consistency across the IT landscape is a challenge for many organisations, especially those with large and complex environments. This lack of consistency can be considered highly damaging to the security posture of an organisation and its capacity to adapt to change which in turn places the overall business at risk. Without consistency the notion of enforcing security remains purely academic.

There are many factors that lead to inconsistency - Business Transformation initiatives such as the deployment of new cloud solutions, company mergers, IT & business process outsourcing, are all examples of situations where inconsistencies arise.


Our Caveris ICAS platform brings structure, order, and oversight to the management of Information & Cybersecurity Protection, resulting in the enforcement of a consistent, repeatable, and predictable level of security across the entire enterprise. ICAS achieves this by modelling in software the organisation hierarchy (i.e., creating a digital twin) from lines of business down to the individual protection measures and their workflows. The ICAS Model provides the foundation for enforcing consistency, accountability, and rigour. By associating business objects, such as services with underlying controls, ICAS automatically correlates control weaknesses to business risk.

In our next blog we shall explore the relationships between Cyber Threats and Protection Measures and see how ICAS provides senior management with visibility into these.

40 views0 comments


Caveris Blog

bottom of page