Members in the picture

Frank Souffriau

INNOCOM

INNOCOM is a fully independent Belgian company that has been guiding organizations through large and complex strategic changes for over 25 years. They are considered an authority in the field of strategic alignment and bringing strategy into execution. Frank Souffriau, the Enterprise Security Architect at INNOCOM, focuses on ICT and ICS/OT cyber strategies for critical infrastructures.

INNOCOM is a fully independent company that has been guiding organizations through large and complex strategic changes for over 25 years. INNOCOM acts as a premium transformation partner, leveraging their expertise in various fields, like Enterprise Architecture, Strategic Design, various Digital & Agile Transformations, Risk and Security, including Enterprise Security Architecture and Security Program Management. The IC Institute, the academic entity part of INNOCOM, provides a full-fledged Master-after-Master program (“master’s in science in Enterprise Architecture”) as well as several topical masterclasses. With both consulting and academic activities, INNOCOM is in a unique position to build on a collective knowledge cross-industry by continuously harvesting the best of the best practices through innovation. 

Frank ‘s current role within INNOCOM is Enterprise Security Architect. He is an experienced senior cyber-, information security and risk management professional with diverse working background in Information and Communication Technology in the public and private sector, in different industries, both national and global. He fulfilled roles in all the three-lines-of-defence (a risk management framework created by the Institute of Internal Auditors) helping organizations to ensure effective risk management and control. Today, his focus is primarily on ICT and ICS/OT cyber strategies for critical infrastructures. 

Enterprise Security Architecture in practices 

The Enterprise Security Architecture (ESA) Focus Group of the CSC is a collective of experts who share experiences, develop security architecture, and co-create architectural assets. “Our focus group might be a bit different compared to others due to the characteristics of this discipline “, says Frank. Besides our tangible outputs, such as the ESA Position Paper and the ESA Maturity Model, our focus extends to aligning business objectives with security. We achieve this by sharing experiences, delving into architectural topics, and brainstorming on the selection and design of sustainable security capabilities. Furthermore, we facilitate the exchange of reusable architecture assets through a shared framework endorsed by all participants. 

The complexity of security challenges is often underestimated  

Despite the increase of awareness and substantial investments in cybersecurity technology, many organizations still overestimate their cybersecurity effectiveness. This can be attributed, among other things, to the lack of comprehension of the intricate challenges that come with digital evolution. Particularly in the ever evolving and complex field of cybersecurity, it becomes crucial to cultivate an environment that encourages continuous learning, knowledge sharing, collaboration, and adaptability. A community such as the Cyber Security Coalition serves to strengthen this type of activity.  

Cyber threats are multifaceted and can come from various sources, including external hackers, insider threats, and even state-sponsored attacks. Rapid technological innovation creates new risks. Keeping up with these advances, like the usage of Artificial Intelligence, requires a deep understanding of technology and its implications for security. 

Cybersecurity requires also a strategic approach, supported by a profound knowledge of the rapidly evolving threat landscape. It is not just about investing in the latest security solutions, but also about building and structuring long-term strategic capabilities, in which the human factor cannot be overlooked. Lack of training and knowledge, unclear roles and responsibilities, human errors and insider threats add to the complexity of cybersecurity, which brings us to the following topic: the role of people in cybersecurity. 

Everyone plays a crucial role in maintaining the organization’s security posture. 

Based on Frank his experience, he concludes that even though over the years information and cyber security has become more and more important, often it is still left to the security department or individuals who are assigned to this role. It should become more decentralized and democratized, involving everyone in the organization at all levels. While some centralized measures are necessary, there should also be room for decentralized actions that promote shared responsibilities. This approach enables faster response to issues, leverages contextual understanding of different teams, empowers employees, enhances scalability, and increases resilience against attacks. However, it is important to balance this with appropriate controls and oversight to maintain a coordinated security strategy. For which the architectural discipline can help to align the security needs with the business needs.  

Effective cyber resilience must be a risk-based strategy that spans the entire enterprise. It should be driven by executives and involve everyone in the organization. However, it is also crucial to include partners, supply chain, external providers and customers in this strategy. It is about fostering a culture where cyber resilience is ingrained in every decision and action. 

The Coalition offers a platform where people of all kinds of disciplines and sectors can interconnect. For example, members can exchange knowledge and experience to better understand the implications of the NIS2 directive. The discipline of Enterprise Security Architecture, in that perspective, can play a crucial role in helping organizations to navigate requirements of NIS2, provide a structured approach to manage cybersecurity risks and maintain a robust and sustainable cybersecurity posture. 

More members in the picture