How to Approach IT Security Like Homeland Security

 
 
By Karen A. Frenkel | Posted 07-02-2015

    Identify Your Endpoints

    Take inventory of both your organization's technical and physical processes. Endpoints, and the people who operate them, should all be within the scope.

    Evaluate Your Assets

    Whether your organization's most valuable assets are mobile devices, computers or certain employees, know who and what to rely on in critical situations.

    Understand Your Threat Landscape

    Everyone within the organization should have a basic understanding of its unique threat landscape. Many data breaches are caused by unwitting security lapses. Today's mobile workers often use their personal devices for work and vice versa. Good security overlays good business processes and reinforces them.

    Understand Organizational Risk Tolerance

    Various levels of protection are acceptable for different organizations. A health-care organization has different compliance regulations and security standards than credit unions, for example. Know what level of protection your organization needs.

    Top-Down Approach

    Top-down security goes hand-in-hand with understanding your threat landscape. Enterprise security issues should not stay within the IT department's walls; they must be supported from the top down. C-level executives must work together and become better educated about their organization's cyber-security practices.

    You Will Be Attacked So Be Prepared

    No perimeter is impenetrable. Balance your perimeter, internal and high-value asset defenses; resources are not unlimited and trade-offs must be made.

    Eliminate False Positives

    The perimeter is dissolving, the endpoint is under assault, and IT is inundated with false positives. Spotting actual threats drains resources, yet threats are often discovered too late. If your organization doesn't have the internal resources to sift through thousands of detected threats daily, employ a managed security solution that can.

    Find and Address Vulnerabilities

    Unpatched code is the conduit for 50% of successful attacks, and insider threats, both deliberate and unintentional, contribute to an organization's vulnerability. Create stricter access controls and initiatives aimed at mitigating insider threats. Security awareness training and education can greatly mitigate unintentional insider threats.

    Collect and Store

    A security operations element will rely heavily on data and observations as opposed to notifications, particularly during the building phase. In intelligence applications, the most useful data may not be identified in advance, so as much as possible is stored. Unless you are sure you know what you need, it's wise to cast a wider net.

    Use Big Data Analytics

    Big data analytics should be part of your security posture. Organizations need the ability to find patterns, and from that, anomalies, in their ongoing effort to defend their assets.

    Invest in People

    Spend money to hire and retain top talent, either internal or outsourced. Technology-only solutions are becoming increasingly sophisticated, but humans are more efficient at a vast collection of tasks, such as determining whether observed events in a potential victim's environment are truly malicious or simply benign activities.

    Continually Test Yourself

    Once you have mastered these tips and during the build-up, test your systems. Don't cop out with a cheap penetration test. Find a vendor who will really put you through your paces and simulate these tests as often as you can afford.
 

President Obama has identified cyber-security as a top national security challenge and has ordered a review of federal efforts to defend the U.S. information and communications infrastructure. The goal is to develop a comprehensive approach to securing America's digital infrastructure. While your organization may not have the budget, resources, experts or technology of our national government, organizations of all sizes can benefit from applying the same security approaches as the Department of Homeland Security to their own enterprise security, said Brian Beyer, CEO of Red Canary. The company specializes in threat detection and response. National security, and intelligence in particular, is driven by access to information (vulnerabilities and threats) and the ability to refine that information into actionable intelligence to identify, investigate and respond to an attack immediately. Here are Beyer's tips to help you defend your business.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
