If you think you can put together a top-notch security plan, roll it out, and relax, think again. The best advice I can give anyone concerned with security is to abolish the “set it and forget” mentality. Look around; I doubt you can find that one locked room, with the one mainframe, where all your data is stored. In today's world—as security threat changes daily —organizations need to address this moving target with a well-defined security risk management strategy.
Let’s look at what it really takes to achieve a successful security risk management strategy. Connection defines the security lifecycle and stages so that we can walk everyone through a comprehensive process that can be easily applied to any organization. There are numerous conditions and complexities that must be considered, but let’s take a high level look at the stages and the value we deliver along the way. At Connection we break the threat lifecycle down into three critical pillars of excellence:
Protect: We analyze your security risks, and define the people, process, and technology necessary to bring that risk into an acceptable range.
Detect: We define the appropriate people and process, and implement the necessary technology to detect when security breaches occur.
React: Our program services empower you to react quickly and decisively to lock the breach down without compromising critical systems or data.
This is accomplished through a 5-stage process:
Discover: We start with the "discover" phase where Connection works with your business to conduct a risk analysis to determine what vulnerabilities exist in your enterprise and if they can be exploited. The goal of this stage is for us to help you understand your level of risk, or how the cyber-criminal gets past your current defenses.
This is achieved by identifying and understanding all the assets that are part of the enterprise, whether they are exploitable, and how they are exploitable. This eventually sets your risk level. With a very sophisticated process and industry-leading tools, we evaluate the environment, fixed/wireless networks, applications, data stores, and all assets to determine the vulnerabilities.
Assess: We bring a level of expertise to look at each risk, and based on what real world threats exist today, determine how those vulnerabilities can be exploited, and then help advise the customer on how to prioritize remediation of these documented risks. Start working down that list, from critical to fix over time issues, and help bring all risk into an acceptable level.
Remediate: Ultimately, in order to bring risk into an acceptable range, you must reconcile each of those risk items. The goal here is to reach an acceptable level, associated with PCI, or HIPAA, or GLBA or SOX, other compliance mandates, or even industry best practices. Connection can help in a consultative role by identifying and prioritizing the things you need to do—or we can actually go into an environment and complete the remediation actions.
Implement: Once you've determined your remediation plan, you need to put it into action through implementation. This means you need to put some level of either technology or process into the environment to help deal with the issues, that is, bring your security risk into an acceptable range
To do so, you may utilize a piece of technology. It could be a next-generation firewall implementation. It could be tuning and tweaking of rules and policies. It could be installing end point protection, or data loss prevention. These are all potential and very valid parts of the remediation plan. Connection has very qualified experts, with decades of experience, who can assist and recommend throughout the implementation phase.
Manage: I’d like to encourage everyone to redefine his or her interpretation of “manage.” Let go of the mantra, "I'm doing it, and I'm complying with some rule that I have in my environment by spot checking every year." Actually make sure that you're paying attention to—and can prove—compliancy based upon PCI, or HIPAA, or GLBA for example. And, that over time you have a plan in place to "manage" the process. This means that at any given point in time, you know where you stand, associated with risk and associated with compliancy, and you can show the risk is at an acceptable level.
This area in particular is where customers have come to depend on Connection for managed services. Day in and day out, month over month, year over year, the manager or owner of IT security risk knows where they stand in relation to keeping that risk to an acceptable level based on compliancy requirements, or internal policies.
Having a trusted security partner in Connection yields advice and tools to better manage overall security risk. To summarize, we walk through the entire lifecycle. Educate and discuss the protect, detect, and react stages. We can then discover, assess, remediate, implement, and manage the risks that are in the environment. Customers find it invaluable to have a trusted partner that understands their processes, their business model, meets with their people, understands their program and policies, and then advises them on how best to understand and manage that risk. We integrate security into every aspect of our IT solutions.
To learn more about how you can manage and adapt to the ever-changing security landscape, listen to the full podcast featuring me, Steve Nardone.