The integration of digital technology into all areas of business, including processes, products and the business model itself, triggered the need to adopt a well-established and guaranteed digital trust approach.
Achieving digital trust is a critical success factor for organizations to enable and secure their digital ecosystem and sustain their profits while maximizing stakeholders’ values. Adopting an IT and cybersecurity governance model that supports digital trust using an integrated risk management roadmap is a major strategy that organizations should focus on to achieve their enterprise goals and satisfy their stakeholders’ needs by demonstrating their trustworthiness and increasing the level of confidence in their services.
Digital trust and securing customer value
Enterprises exist to create value for their stakeholders, and this value needs to be trusted by the stakeholders in order to be accepted and consumed. This will drive customer loyalty and improve the enterprise’s reputation.
Enterprises should focus on how to set proper strategies and adopt international frameworks and standards that support achieving digital trust. In the digital economy, one of the major enterprise goals for most organizations is to ensure that their digital services and digital relationships are trusted, to safeguard their reputation and to sustain their profits and growth.
Understanding digital trust
Digital trust, according to ISACA, “is the confidence in the integrity of the relationships and transactions among providers and consumers within an associated digital ecosystem. This includes the ability of people, processes, organizations, information and technology to create and maintain a trustworthy digital world.”
ISACA further maintains that “no business or individual operates in isolation, because most enterprises operate digitally, or depend on digital business model. Trust in the digital ecosystem will impact their success. To comprehend digital trust, an enterprise’s workforce must understand the transactions and interactions that constitute a relationship and the stakeholders and information types that may be involved.”
Establishing an IT and cybersecurity governance approach that supports digital trust
Due to the increase in cyberattacks, scams and security breaches in recent years, enterprises and governing bodies have realized that operating in a secure digital landscape is more important than ever. Because of this, most enterprises are focusing on establishing and maintaining governance of information technology and cybersecurity. In addition, there is a major focus on measuring the maturity and the capability of the implemented governance and management practices, as they provide a comprehensive understanding of the current state and the alignment with strategic objectives and the target state.
By assessing maturity and capability, organizations can identify gaps, weaknesses, strengths and areas for improvement within their governance processes, structures and policies.
Adopting COBIT 2019 for the governance and management of information and related technology
The COBIT framework guides enterprises on how to design, adopt and implement a governance framework for information and technology. Designing I&T governance based on a set of design factors allows enterprises to set their target governance system that they want to achieve, the scope of objectives to be included and the target capability levels of the governance and management objectives that will be part of the implementation plan.
By implementing COBIT governance objectives, organizations can set their governance structures (the governing bodies), in addition to the required governance principles, accountabilities and practices.
Examples on how I&T governance can support a digital trust (DT) adoption approach in organizations include:
- Establish proper accountabilities and responsibilities related to DT practices.
- Approve DT strategic goals and objectives and endorse its governance.
- Approve a DT program and strategy to support the implementation of digital trust practices in the organization.
- Support the culture of digital trust and awareness in the organization.
- Allocate adequate budget and resources for fulfilling digital trust requirements.
A cybersecurity resilience program to increase the digital trust confidence level
Organizations should focus on establishing confidence and reliability in their online transactions, interactions, data sharing and all their digital channels. Building digital trust requires strong cybersecurity measures, transparent data-handling practices and effective methods to safeguard sensitive information and maintain the integrity of digital assets.
Here is a sampling of critical cybersecurity practices that we recommend organizations consider to increase their digital trust confidence level:
- Establish cybersecurity governance by developing and implementing a cybersecurity strategy and program that supports digital trust objectives in the organization.
- Develop and implement cybersecurity policies that ensure proper controls are in place to support digital services.
- Establish a comprehensive cybersecurity risk management program, covering risk identification, assessment, analysis, treatment and communication across all digital channels.
- Establish comprehensive vulnerability management programs to ensure timely identification and treatment for critical and high vulnerabilities across all critical assets and digital channels.
- Establish proper cybersecurity controls to protect network and infrastructure components.
- Integrate the role of cybersecurity and security requirements in the project and program management approach, especially for critical projects that are related to digital channels.
- Establish a comprehensive cybersecurity awareness program that adopts a top-down approach covering the board of directors, executive management and critical departments and clients in the scope of digital trust.
- Enforce the implementation of proper identification, detection, protection, responding and recovering techniques for proper prevention, detection and correction to secure the physical and logical assets.
- Enforce resiliency by design for all digital applications and channels.
- Establish data protection and privacy programs.
- Enforce network, systems and applications hardening procedures to ensure secure configuration.
- Enforce strong cryptography techniques for data at rest and in transit to secure PII and critical information across all digital channels and platforms.
- Establish incident detection and response capabilities that enable timely identification.
- Establish a trusted threat intelligence framework covering multiple trusted sources to secure the digital channels.
Editor’s note: Dina Numan and Dr. Ramzi Sunna will share further insights on this topic during their session, “Achieving Digital Trust Through Governance of IT and Cybersecurity,” at ISACA’s Digital Trust World Europe conference, to take place 17-19 October in Dublin, Ireland. Find out more about the conference or register here.