Aug 16, 2016 Seven Steps To Improve Your Enterprise Cybersecurity
Most cybersecurity professionals worry that their security initiatives are not up to snuff. They are probably right. In the Nemertes 2016/2017 Cybersecurity Benchmark and Maturity Model, for which we interviewed security teams at some of the best-run and most successful enterprises in the world, many organizations showed only partial mastery of the key components required for a mature cybersecurity initiative.
Think you may be one of the ones needing improvement? Check yourself against these seven steps.
1. Start with a risk-based approach. Map every cybersecurity activity to the business risk it reduces, and use that risk assessment to drive investment decisions: spend first where the potential loss to the business is greatest, not where the tooling is newest. Nemertes provides a Business Risk Portfolio assessment; whatever tools you use, base them on business risk.
2. Have a security architecture. You should know which technologies you plan to implement, what each one is meant to control, and how they integrate with one another (for example, which system is the source of truth for identity, and where logs and alerts flow). Revisit the architecture often (at least annually), because the cybersecurity technology market is in constant flux and new capabilities and product categories keep emerging.
3. Translate that architecture into a roadmap, which provides an action plan for which technologies you will procure, deploy, and, yes, end-of-life, and when. Again, revisit that roadmap often (at least annually).
4. Automate wherever possible. Humans can't do it all, and automated tools are becoming ever more powerful, especially in the emerging area of advanced security analytics. Start with the repetitive, well-defined tasks (log collection, alert triage, patch and configuration checks) where automation frees analysts for work that actually needs judgment.
5. Define and adhere to change management processes. Poor change management is how vulnerabilities creep in: an undocumented firewall rule, an emergency fix that never gets reviewed, a test account left enabled in production. Develop, and more importantly adhere to, a defined change management process for IT infrastructure and applications, including review and approval before a change, a record of what changed and who made it, and a way to roll the change back.
6. Define an incident response plan. Make sure you know exactly who does what in case of a security incident, including who has the authority to take systems offline, and don't forget to include communications (to your business stakeholders, employees, stockholders, and customers) in that plan.
7. War-game that plan! Don't let the plan gather dust in a drawer. Practice it on a regular basis, and make the drills as realistic as possible: run them against a plausible scenario, with the people who would actually be on call, and without warning them of every detail in advance. Make sure to revise and improve the plan based on what the war-gaming reveals.
If you follow these seven steps, you won't necessarily have a perfect cybersecurity initiative, but it will almost certainly be better than the one you have now.