How to Approach IT Security Like Homeland Security
By Karen A. Frenkel
Identify Your Endpoints
Take inventory of both your organization's technical and physical processes. Endpoints, and the people who operate them, should all be within the scope.
Evaluate Your Assets
Whether your organization's most valuable assets are mobile devices, computers or certain employees, know who and what to rely on in critical situations.
Understand Your Threat Landscape
Everyone within the organization should have a basic understanding of its unique threat landscape. Many data breaches are caused by unwitting security lapses. Today's mobile workers often use their personal devices for work and vice versa. Good security overlays good business processes and reinforces them.
Understand Organizational Risk Tolerance
Various levels of protection are acceptable for different organizations. A health-care organization has different compliance regulations and security standards than credit unions, for example. Know what level of protection your organization needs.
Top-Down Approach
Top-down security goes hand-in-hand with understanding your threat landscape. Enterprise security issues should not stay within the IT department's walls; they must be supported from the top down. C-level executives must work together and become better educated about their organization's cyber-security practices.
You Will Be Attacked So Be Prepared
No perimeter is impenetrable. Balance your perimeter, internal and high-value asset defenses; resources are not unlimited and trade-offs must be made.
Eliminate False Positives
The perimeter is dissolving, the endpoint is under assault, and IT is inundated with false positives. Spotting actual threats drains resources, yet threats are often discovered too late. If your organization doesn't have the internal resources to sift through thousands of detected threats daily, employ a managed security solution that can.
Find and Address Vulnerabilities
Unpatched code is the conduit for 50% of successful attacks, and insider threats, both deliberate and unintentional, contribute to an organization's vulnerability. Create stricter access controls and initiatives aimed at mitigating insider threats. Security awareness training and education can greatly mitigate unintentional insider threats.
Collect and Store
A security operations element will rely heavily on data and observations as opposed to notifications, particularly during the building phase. In intelligence applications, the most useful data may not be identified in advance, so as much as possible is stored. Unless you are sure you know what you need, it's wise to cast a wider net.
Use Big Data Analytics
Big data analytics should be part of your security posture. Organizations need the ability to find patterns, and from that, anomalies, in their ongoing effort to defend their assets.
Invest in People
Spend money to hire and retain top talent, either internal or outsourced. Technology-only solutions are becoming increasingly sophisticated, but humans are more efficient at a vast collection of tasks, such as determining whether observed events in a potential victim's environment are truly malicious or simply benign activities.
Continually Test Yourself
Once you have mastered these tips, and during the build-up, test your systems. Don't cop out with a cheap penetration test. Find a vendor who will really put you through your paces and simulate these tests as often as you can afford.
President Obama has identified cyber-security as a top national security challenge and has ordered a review of federal efforts to defend the U.S. information and communications infrastructure. The goal is to develop a comprehensive approach to securing America's digital infrastructure. While your organization may not have the budget, resources, experts or technology of our national government, organizations of all sizes can benefit from applying the same security approaches as the Department of Homeland Security to their own enterprise security, said Brian Beyer, CEO of Red Canary. The company specializes in threat detection and response. National security, and intelligence in particular, is driven by access to information (vulnerabilities and threats) and the ability to refine that information into actionable intelligence to identify, investigate and respond to an attack immediately. Here are Beyer's tips to help you defend your business.