Chief Information Security Officers have made some radical changes over the last year or so, including the understanding that security breaches involve a number of variables. From internal and external sources to the very technology that we use to do business, CISOs are taking action to address these and other issues to deflect the risk of security problems. The entire topic may seem overwhelming to some, but every company is now taking steps to thwart security breaches, and the best way to do this is to begin with a short list and work your way up.
System security is big business, and many companies are creating products and tools to help corporations combat security problems. Gartner, Inc. has indicated that they estimate an approximate $98 billion total for services and products related to security issues. Considering that this is an increase of $86.4 billion from 2017 and a 7% increase in the amount spent in 2016, CISOs will not have to participate in this battle alone.
Forrester Research analyst Jeff Pollard has stated: “CISOs are now charged with defending this digital infrastructure, and that includes software everywhere and data as a resource, and that’s a massive change at a time when the attack surface keeps expanding.” He continued: “When you look at security leaders of the past, they focused on security infrastructure. They secured the inside of the business — they wanted to secure the network.” Pollard also added: “What’s really happening now is that we’re forcing leaders to think of an outside-in approach. To think, ‘What are the most important things in the next 12 to 24 months that generate revenue?’ And use that to dictate what [their] priorities are.”
A general five-point strategy needs to be established as a starting point, with the special note that this strategy must remain flexible, as “change” is the name of the game in today’s security situations.
The Framework for Decision-Making
Every team has a defined framework for the process of making decisions. Examining this framework in detail is critical as there are always fewer resources than opportunities and this is where things can slip through the cracks. Getting everything detailed and prioritised without the distraction of redirected attention helps to keep the focus on the major and minor tasks that can affect overall security. This sometimes means that the subjects that are being aligned for a business impact must be set on the same timeline as those that may not appear to be as important.
Examination of all Security Processes and Protocols
This is a broad statement that covers a lot of areas, but being intimately familiar with the security processes and all changes to them, and having confidence in the security team, is a priority. This should also extend to all subsidiaries and partners to ensure that every area has been put under a microscope of scrutiny. This is especially important when there are changes in security technologies and/or protocols.
Treating it as a Risk Management Program
Past IT managers as well as CISOs viewed a company’s cybersecurity plan as a “defensive” method. The attitude of just protecting intellectual and proprietary data from cybercriminals needs to be altered so that the plan is viewed as a risk management program. This changes everything so that it includes the proper planning of a comprehensive framework, proactive incident responses, focusing on and recognizing the mission-critical and highest-risk IT environments, justification for financial needs in the annual budget, identifying the resources and personnel required for mission-critical system protection, and gaining the support as well as respect of the executive branch of management.
Excellence in Operation
This may sound like an attempt at a grand plan, but companies are now recognizing that excellence in operation must not just be focused on at a 100% level; it must be accomplished at that level. The old-school concept of security and lockdown isn’t enough anymore.
Customer Satisfaction and Encryption
When you combine customer satisfaction with operational excellence, you create a formula that is closer to a win-win for both the company and its reputation. This cascades into every decision that the company makes, every action that is taken and every change that is implemented. One of the key areas for customer satisfaction is to ensure that your company data is encrypted. While this isn’t a 100% guarantee, it does offer enhanced levels of protection that make the data more difficult to breach.
“The trained team at Da Vinci Forensics assists companies in developing a proactive offense attitude as well as taking the actions needed to institute the security measures needed to maintain protection. Cyber threats change every day and we encourage flexibility in attitude to adapt to these changes.”
Source:
searchsecurity.techtarget.com/feature/CISOs-map-out-their-cybersecurity-plan-for-2018?