How to Approach IT Security Like Homeland Security
By Karen A. Frenkel
Take inventory of both your organization’s technical and physical processes. Endpoints, and the people who operate them, should all be within the scope.
Whether your organization’s most valuable assets are mobile devices, computers or certain employees, know who and what to rely on in critical situations.
Everyone within the organization should have a basic understanding of its unique threat landscape. Many data breaches are caused by unwitting security lapses. Today’s mobile workers often use their personal devices for work and vice versa. Good security overlays good business processes and reinforces them.
Various levels of protection are acceptable for different organizations. A health-care organization has different compliance regulations and security standards than credit unions, for example. Know what level of protection your organization needs.
Top-down security goes hand-in-hand with understanding your threat landscape. Enterprise security issues should not stay confined within the IT department’s walls; they must be supported from the top down. C-level executives must work together and become better educated about their organization’s cyber-security practices.
No perimeter is impenetrable. Balance your perimeter, internal and high-value asset defenses; resources are not unlimited and trade-offs must be made.
The perimeter is dissolving, the endpoint is under assault, and IT is inundated with false positives. Spotting actual threats drains resources, yet threats are often discovered too late. If your organization doesn’t have the internal resources to sift through thousands of detected threats daily, employ a managed security solution that can.
Unpatched code is the conduit for 50% of successful attacks, and insider threats, both deliberate and unintentional, contribute to an organization’s vulnerability. Create stricter access controls and initiatives aimed at mitigating insider threats. Security awareness training and education can greatly mitigate unintentional insider threats.
A security operations element will rely heavily on data and observations as opposed to notifications, particularly during the building phase. In intelligence applications, the most useful data may not be identifiable in advance, so as much of it as possible is stored. Unless you are sure you know what you need, it’s wise to cast a wider net.
Big data analytics should be part of your security posture. Organizations need the ability to find patterns, and from that, anomalies, in their ongoing effort to defend their assets.
Spend money to hire and retain top talent, whether in-house or outsourced. Technology-only solutions are becoming increasingly sophisticated, but humans are more effective at a vast range of tasks, such as determining whether observed events in a potential victim’s environment are truly malicious or simply benign activity.
Once you have mastered these tips, and during the build-up, test your systems. Don’t cop out with a cheap penetration test. Find a vendor who will really put you through your paces, and run these tests as often as you can afford.