If you think that mitigating cybersecurity risks is all about applying software patches, it may already be too late!
The technological choices, made upstream, will determine the security vulnerabilities that will be put in place.
Additionally, and if you want to make the right choices, you may need to think about your organizational schema.
The functional design of your business and processes can also determine vulnerabilities.
By the way, “security mitigation” cannot be a program in itself in your portfolio.
It is a subject that concerns and correlates several initiatives such as digital transformation, information governance, IAM, Cloud deployments, etc.
“(Cyber)risk mitigation starts at the conceptual stage.”
Before launching a large, expensive program, the situation should be properly assessed.
EXCOGITEA Consulting