Insight into IT Risk Management

The best practices

Perform a risk assessment

The risk assessment is an inventory of data that could be stolen and services that could be disrupted, along with an estimate of the cost your business would incur if those assets were compromised.

Why
Different kinds of data and resources have different values and represent different costs to the business if stolen or damaged. For example, marketing information is probably not as valuable to you as customer data. Because enterprise security resources will always be limited, you must plan your investment and manage your resources to offer the most protection to the data whose loss would cause the most damage.

How
Survey your systems to identify the data that could be stolen and the services that could be disrupted. Based on the amount and kind of data, estimate the cost to recover the data or mitigate the damage. Consider, for example, that you may have to offer customers credit and identity monitoring services if their data was compromised.

Success factors
  • Engage business stakeholders in the process.
  • Consider potential loss of revenue and brand damage.
  • Establish priorities for protection and recovery.

Develop an enterprise security plan

The enterprise security plan will contain your strategy and tactics for threat detection, response, and remediation. It should be keyed to the priorities and risks established by the risk assessment.

Why
Your plan guides your investment in security technologies and your hiring of security personnel. It establishes processes for investigating suspicious activity, protecting resources, and responding to breaches. It is also your declaration to business leaders and other executives of how you will protect the company’s assets and how you will respond if a breach occurs.

How
Different organizations have different planning processes, but any enterprise security plan must engage both stakeholders and functional experts to establish the right objectives and define how they will be met.
Success factors
  • Define how you will protect assets, how you will detect threats, and how you will respond to breaches and suspicious activity.
  • Focus resources according to the priorities established in the risk assessment.
  • Be realistic; the plan must be aligned with the budget.
  • Review and update it regularly.

Put the right team in place

Skilled people are the most critical part of your cyber security program—and often the most difficult part to obtain. You must identify the skills and skill levels you need to execute the enterprise security plan, and you must establish the roles and responsibilities of each group and individual.

Why
Almost every system administrator or network engineer knows what to do if a system or network link goes down. But cyber security and intelligence are still part of an emerging career field, so you must know what you’re looking for and hire carefully to create the core team you need to execute your plan and oversee the work of less qualified team members.

How
Recruitment and hiring practices vary from company to company. Start with a good understanding of the skills you need, and then assess candidates’ abilities to execute your plan. Qualified, certified enterprise security professionals are in demand, so as you get the right people in place, be sure you offer them a work environment and development opportunities that will encourage retention.
Success factors
  • Develop position descriptions, roles, and responsibilities based on your plan.
  • Look for experience in the specialized, high-priority areas that loom large in your plan: mobile, cloud, application security, etc.
  • Examine certifications of senior personnel. The most widely recognized is the ISC2 Certified Information Systems Security Professional (CISSP) for security professionals, but there are others, including vendor-specific certifications, which also indicate a good level of knowledge.

Deploy defenses

Cyber defense technologies provide a number of enterprise security functions: they protect critical data by encrypting it; they detect and block attacks to stop them from penetrating the network; they detect successful breaches, so you can respond quickly to protect assets; and they enable security staff to investigate breaches and suspicious activity. When you develop software in house or through contractors, defenses also include the technology and processes to identify and fix vulnerabilities in the software, so hackers cannot exploit them.

Why
Expect to be breached; assume a breach has already occurred. No single cyber defense is 100 percent effective, so you must deploy defenses in layers that address all of the functions mentioned previously.

How
Hackers have become adept at evading defenses, but they leave tracks throughout the IT environment. Security technologies collect and analyze huge volumes of data and compare it to threat intelligence developed by security researchers like HP Security Research. Devices like next-generation firewalls and intrusion prevention systems collect network data in real time and apply threat intelligence to detect attacks. Security solutions also watch for behaviours that indicate an attack was successful and an infection has occurred. Security information and event management (SIEM) systems amass data from log files and other sources throughout the environment, correlate it, and analyze it to detect attacks and to help the security operations team investigate and remediate attacks.

Success factors
  • You need more than just firewalls and anti-virus. Deploy layered defenses that can block attacks at the network edge, detect and stop lateral malware communications within the network, and detect and remediate successful breaches.
  • Select enterprise security solutions that leverage the best threat intelligence available.
  • Collect as much data from the environment as you can.

Respond to incidents

When a breach occurs—and a breach will occur—you must respond to protect critical assets (as prioritized in your plan); to stop the attack or at least quarantine infected systems; to plug the vulnerability hackers exploited (remediate); to collect and preserve data that could be used as evidence in criminal proceedings; to communicate with impacted customers, employees, and others; and to fulfill any legal responsibilities.

Why
The speed and effectiveness of your response determines how much damage you will suffer. Research shows the average time to resolve a cyber attack in U.S. companies is 45 days at a cost of almost $1.6 million USD per incident. More significantly, hackers may continue to exfiltrate data until the attack is completely stopped. Further, you will be subject to legal requirements for notifications to impacted customers, partners, and law enforcement authorities.

How
You must execute your enterprise security plan for incident response. Team members and others in the organization must know their responsibilities and how to discharge them. Processes should cover everything you must do, but must be kept simple enough to execute flawlessly. Legal and communication obligations should have been identified and planned for in advance.

The most pressing action is to remediate

Stop the attack by closing vulnerabilities in code, blocking the attack, or quarantining infected systems.  Post recovery, you must assess the damage, perform any needed communications, identify lessons learned, and feed learning back into your security plan.

Success factors
  • Practice your incident response plan before you have to execute it for real.
  • Identify and correct inadequacies in the plan.
  • Apply accepted forensics techniques to preserve evidence.

Conclusions

CISOs who participated in these roundtables agreed the key to better cyber security and intelligence is thoughtful planning and consistent execution. These enterprise security best practices are high level, and the devil is surely in the details. But there are key takeaways that should drive the thinking behind every security program:
  • Identify your most valuable assets and protect them by encryption and other data security means.
  • Deploy layered defenses that detect and block attacks at the network edge, detect lateral communications within the network, detect successful breaches and quarantine infected systems, and provide the data needed for investigation and remediation. If you develop your own software, scan it for vulnerabilities prior to release.
  • Tap into the best threat intelligence available. A security solution is only as good as the threat intelligence behind it.
  • Collect and analyze as much data as you can to find the needle in the haystack that indicates hackers are at work.

The Author: Ala'a Elbeheri

About:
A versatile and highly accomplished senior certified IT risk management advisor and senior IT lead auditor with over 20 years of progressive experience in all domains of ICT.

• Program and portfolio management, complex project management, service delivery, and client relationship management.
• Capable of providing invaluable information while making key strategic decisions and spearheading customer-centric projects in IT/ICT in diverse sectors.
• Displays strong business and commercial acumen and delivers cost-effective solutions contributing to financial and operational business growth in international working environments.
• Fluent in oral and written English, German, and Arabic, with a professional knowledge of French.
• Energetic and dynamic; relishes challenges and demonstrates in-depth analytical and strategic ability to facilitate operational and procedural planning.
• Fully conversant with industry standards, with a consistent track record in delivering cost-effective strategic solutions.
• Strong people skills, with proven ability to build successful, cohesive teams and interact well with individuals across all levels of the business. Committed to promoting the ongoing development of IT skills throughout an organization.