From struggling and surviving to a fully supervised security program
Every day we see companies struggling to run a smooth security program. No matter how much you spend on it, the difference between a zero budget and a million-dollar security budget is not that large. Regardless of how much we spend on security initiatives, we never really get a chance to step back and see a clearly positive and reliable result from our investment.
Every single day adversaries find new ways to hurt our businesses, and we, the tech guys, create “solutions” to address today’s challenges months, years and sometimes decades later!
We are simply trying to survive. But what could we do better, not only to survive the reckless cyberspace but also to thrive and reach a stronger position where security is no longer a hassle? Let’s look at some practical countermeasures:
* stick to a management system
For a moment, forget about technology and tools and get back to basics. A management system can cover whatever you need in terms of handling processes, so that you do not have to worry about the foundation of your operation. You can reinvent the wheel or you can choose from thousands of management systems, but first ask experts which system fits your needs, or bring a professional on board to implement a system from scratch that is fully customized to your workflow. Also, believe me, without a management system of some kind, you will still be at the first step after years of spending your precious time, and that first step is the “surviving” approach.
* set objectives
Any project has a set of goals which are measurable and achievable. Objectives are not like “having a more secure network” or “set up RDP filtering on firewalls”; they are more like “reducing the current number of entry points to the network” or “assessing current remote protocol insecurities”.
Objectives help you better understand what you are trying to get from your management system and where resources have to be focused. This topic is also related to the risk approach, which I think is the foundation and background of the management system.
* constantly measure
These are checkpoints where you can tell precisely, and with evidence, whether you are on track. The more you measure and automate the process, the closer you get to a proactive system and the faster you accomplish each objective. Through measurement you can tell whether the direction is right or wrong, and what is wrong or right.
* plan for corrective and preventive actions
With each measurement you need to define corrective actions in case the result is not as expected or the pace is slow. The plan to enforce these corrective actions is the key to a smooth security program; otherwise you will be struggling with past actions while new ones arrive.
* be responsive to facts not fictions
The computer security industry is full of fictions, and we mostly spend time and money on things which are either not important or can be tackled at the root. Let me give you an example:
Taking Advil when you catch the flu is just a painkiller: it only passes the time without suffering from flu symptoms, just to survive, because we do not know how to handle the flu virus in the 21st century (or maybe we know but we don’t want to disclose?!). That is similar to running a virus scan on your network when you get a virus infection!
Cyber security facts have not changed since the beginning of this subject in human history, so once you know the facts you will see how easy it is to address them without Advil!