How to make a difference to the future of cyber

Welcome to the new 160 cyber warriors who joined us last week. Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.

Keep up with our weekly newsletters on LinkedIn — subscribe here.

Discover how the world’s leading cybersecurity leaders think – and what they think about. Exclusive interviews and insights, in your inbox every week. 

This week we’re focused on…

The organisations that are working to strengthen cybersecurity governance worldwide. 

Why? 

Because we interviewed Ramy Houssaini (Chief Cyber & Technology Risk Officer, & Group Privacy Officer, at BNP Paribas) about the Cyber Poverty Line Institute, and it got us thinking about all the organisations and activists around the world who share one very important goal: 

To establish clear governance and standards in cybersecurity, so the future can be safer. 

So in case you were wondering who’s working on this right now, here’s a list of three international organisations focusing on governance. Discover their mission – and then learn how you can get involved with a growing number of industry-led initiatives that are working towards standardised best practices in cybersecurity. 

1. NATO

It’s a big one – and NATO plays a significant role in cybersecurity governance among its member states. 

NATO’s 2021 Comprehensive Cyber Defence Policy supports the organisation’s core tasks and overall defence posture. And the NATO Cyber Security Centre was established to handle cyber incidents that affect its member states. 

The organisation also collaborates externally on cybersecurity matters – sharing information, undertaking joint exercises and research, and exploring the potential of collaborative governance. 

2. The Global Cyber Alliance (GCA) 

The GCA is an international non-profit organisation that aims to enable the development of a secure and trustworthy internet. Reducing cyber risk is key to its work – helping individuals reduce the risks they face online, while also working to solve the systemic issues that drive digital harm. 

3. The Global Forum on Cyber Expertise (GFCE)

The GFCE is a platform for international cooperation, with the goal of strengthening cyber expertise around the world. More than 200 members and partners (including governments, international organisations, private companies, and academics) collaborate on issues including…

• Cybersecurity policy and strategy
• Cyber incident management
• Protecting critical infrastructure
• Cybersecurity culture and skills
• Emerging technologies

…and more. 

And a growing number of cybersecurity industry associations are focused on governance, too

Within the field of cybersecurity, practitioners are increasingly establishing their own associations and alliances to share knowledge and develop a collaborative approach to governance. 

The Cyber Threat Alliance, for example, is a group of cybersecurity practitioners from across various organisations, who cooperate to share threat information and improve defences. 

The Information Security Forum (ISF) welcomes members from around the world, and is trusted by over 480 global organisations as a leading authority on information security and risk management. It’s independent and governed by a member constitution, and offers peer-influenced best practices and governance to empower organisations in building cyber resilience. 

And the Cloud Security Alliance (CSA) focuses on raising awareness of best practices for secure cloud computing environments. It offers tools and guidance to help governments and industries establish secure cloud ecosystems, and members can access help for every stage of the cloud journey – from developing a strategy to gaining customer trust, or empowering their workforce to understand and engage in cloud security practices. 

Practitioner engagement is key to good governance 

If you want to get involved in developing security governance for the future, you can: 

• Participate in industry associations, forums, and events. If your voice isn’t included in the conversation, you can’t make a difference.
• Engage with government initiatives. Many governments around the world are actively working on cybersecurity governance, and seeking input from practitioners – through advisory roles or public consultations, for example,.
• Participate in the development and review processes of cybersecurity standards when they’re updated by organisations including the National Institute of Standards and Technology (NIST) and the International Organisation of Standardisation (ISO).
• Be an advocate for continuous assessment of cybersecurity governance models – and share best practices from your own organisation with the wider cybersecurity community.
• Collaborate across sectors. Effective cybersecurity governance needs to involve perspectives and processes from other industries – so cross-sector information-gathering and sharing programs are essential.

By actively engaging in cybersecurity from a governance perspective, you can play an important role in shaping the future of security governance. With more professionals involved, we can work to create governance models that are both effective and adaptive – taking into account the evolving nature of threats and technologies, and evolving alongside them. 

Read our interview with Ramy Houssaini: How is CPLI closing the cybersecurity gap? 

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 02 October 2024.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.