Threats & Defenses
Walk, Don’t Run: A Security Framework for a Healthy Network (Part 2)
No Business Becomes an Overnight Sensation, Neither Does an Organization’s Security Posture
By: Jeff Multz
Just as no business becomes an overnight sensation, neither does an organization’s security posture. It takes time, patience and hard work. You must start with the basics, work up to advanced moves and commit to the business for life. In my security plan “Crawl, Walk, Run,” I present to you, in three separate blog posts, the basic steps to obtaining and maintaining a fit and healthy network.
Last week we looked at the basic steps an organization needs to take to begin building a strong cybersecurity program. This week we look at what to do once you have learned to crawl.
- Monitor your servers and routers 24/7 in real time – No threat-prevention device or software is foolproof, so attackers can still break into your network through your servers or routers. The sooner you discover that a threat has entered your network, the easier and cheaper it is to remove it and to lock down the weaknesses it used.
- Continuously monitor and inspect email, file and Web traffic – Some malicious traffic is going to get into your network regardless of your defenses. An inspection service such as Advanced Malware Protection and Detection (AMPD) watches that traffic so threats can be rapidly detected, analyzed and diagnosed, and provides guidance on removing them.
- Conduct an IT audit (also called an Automated Data Processing (ADP) audit) – This audit examines the management controls over an organization’s IT systems. It assesses controls over the network, logical access, physical access, disaster recovery, application change management, operations and related processes to determine whether your systems safeguard your assets and operate effectively enough to achieve company objectives. Be prepared to remediate the findings!
- Perform risk assessments – This assessment quantifies or qualifies your company’s risk: the likelihood that a threat will exploit a vulnerability in your network, and the harm it would do. By locating and categorizing your assets first, you can then identify and categorize the risks to them. You can score the risks one of two ways: assign each a monetary value, or rank each on a scale from 1 to 5 based on how likely a threat is to exploit the vulnerability. To conduct a risk assessment properly, your assessor must understand technology, business, finance, compliance and how the company achieves ROI. That way, the assessor can tell you which weaknesses could harm your business the most and which systems are most important to fix.
- Conduct Web app testing – Practically all applications have security vulnerabilities, or holes, that allow attackers to sneak inside your network. A Web app test helps you discover where the holes are so you can plug them. You should run a Web app test every time you upgrade or patch a Web app, since both can introduce new holes.
- Revisit your Computer Security Incident Response Plan (CSIRP) – Conduct quarterly table-top exercises, updating the plan as you go. Discuss what worked and what didn’t, and flesh out the areas of the plan that are lacking. Having a CSIRP in place can make the difference between your network being offline for days or just hours. An incident is never just a technology issue; a breach has legal and financial implications, so business executives need to take part in these exercises.
- Conduct managed phishing exercises to test the effectiveness of your security awareness training program – Run simulated phishing attacks at least quarterly to see how employees respond. The testing should be fully managed and should include an analysis of employee behavior, so you can see which employees are improving and who needs more training.
- Increase your security awareness training – Now that your staff is familiar with the types of activity that may indicate an attack, send random spear-phishing test emails every few weeks to learn who is grasping the principles and who needs more help.
- Conduct a vulnerability assessment – This assessment examines the security of your systems and networks, identifying vulnerabilities as well as inventorying your assets. Your assessor should help you prioritize the assets based on their value, and should recommend controls to mitigate the vulnerabilities found.
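The risk-assessment and vulnerability-assessment items above both come down to the same exercise: catalog assets with a value, attach findings to them, score each finding either in money or on the 1-to-5 scale, and rank. The script below is an added example written for this post, not the author's own method or any vendor tool. Its loss model is an assumption: the monetary score is asset value multiplied by an estimated yearly probability of exploitation and by the fraction of the asset's value that would be lost, and the qualitative score is likelihood multiplied by impact, each on 1-to-5. The assets and findings are constructed sample data, not real systems.

```python
"""Toy risk register: score findings in money or on a 1-5 scale, then rank them.

Added example, not the post's own method. The loss model is an assumption:
  monetary   = asset value * yearly exploitation probability * loss fraction
  qualitative = likelihood (1-5) * impact (1-5)
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value_usd: float  # value assigned when the asset was located and categorized


@dataclass(frozen=True)
class Finding:
    asset: Asset
    vulnerability: str
    likelihood: int            # 1 (rare) .. 5 (almost certain) that a threat exploits it
    impact: int                # 1 (negligible) .. 5 (severe) harm to the business
    annual_probability: float  # assumed model: chance of exploitation within a year (0..1)
    loss_fraction: float       # assumed model: share of asset value lost if exploited (0..1)

    def __post_init__(self):
        # Reject scores outside the scales so a typo cannot silently reorder the register.
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError(f"{self.vulnerability}: likelihood and impact must be 1-5")
        if not (0.0 <= self.annual_probability <= 1.0 and 0.0 <= self.loss_fraction <= 1.0):
            raise ValueError(f"{self.vulnerability}: probabilities must lie within 0..1")


def qualitative_score(f: Finding) -> int:
    """Likelihood x impact on the 1-5 scales: 1 (ignore) .. 25 (fix first)."""
    return f.likelihood * f.impact


def expected_annual_loss(f: Finding) -> float:
    """Monetary view: asset value x yearly exploitation probability x loss fraction."""
    return f.asset.value_usd * f.annual_probability * f.loss_fraction


def rank_findings(findings, mode="qualitative"):
    """Return findings ordered from most to least urgent under the chosen scoring mode."""
    scorers = {"qualitative": qualitative_score, "monetary": expected_annual_loss}
    if mode not in scorers:
        raise ValueError(f"unknown mode {mode!r}; use 'qualitative' or 'monetary'")
    return sorted(findings, key=scorers[mode], reverse=True)


def priority_order(findings, mode="qualitative"):
    """Vulnerability names in fix-first order; handy for reports."""
    return [f.vulnerability for f in rank_findings(findings, mode)]


# Constructed sample data (hypothetical assets and findings, not real systems).
WEB = Asset("public web app", 500_000)
DB = Asset("customer database", 2_000_000)
PRINTER = Asset("lobby printer", 5_000)

SAMPLE_FINDINGS = [
    Finding(WEB, "SQL injection in login form", likelihood=4, impact=5,
            annual_probability=0.4, loss_fraction=0.5),
    Finding(DB, "no MFA on database admin accounts", likelihood=3, impact=5,
            annual_probability=0.2, loss_fraction=0.9),
    Finding(PRINTER, "unpatched printer firmware", likelihood=3, impact=1,
            annual_probability=0.6, loss_fraction=1.0),
]


if __name__ == "__main__":
    for mode in ("qualitative", "monetary"):
        print(f"--- {mode} ---")
        for f in rank_findings(SAMPLE_FINDINGS, mode):
            print(f"{qualitative_score(f):>3}  ${expected_annual_loss(f):>10,.0f}  "
                  f"{f.asset.name}: {f.vulnerability}")
```

Run it and the two rankings disagree: on the 1-to-5 scale the SQL injection (score 20) outranks the missing MFA on the database (15), but in dollar terms the database finding leads because the asset behind it is worth far more. That is the practical reason the post insists the assessor understand business and finance as well as technology: the choice of scale decides what gets fixed first.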