The ideal approach to cyber security is a proactive one, and by proactive we mean staying ahead of threats and detecting them BEFORE they happen.
Of course, proactive information security and risk management require a toolbox of strategies, workflows, and software tooling to help identify and ultimately protect against threats. NCSAM’s “Own It. Secure It. Protect It.” campaign is the perfect excuse for us to give you our two cents on steps that you can take to bolster proper protection of your organization.
To aid organizations on their journey toward creating a more secure environment, the Center for Internet Security offers a series of CIS controls. These controls range from foundational measures, which quickly establish barriers where the most common breaches can occur, to advanced measures. Properly implemented in your organization, these 20 CIS Critical Security Controls ensure a solid foundation for engaging a more proactive cyber security approach.
Using this framework, the starting point to effectively harnessing and/or owning risk is knowing what systems need protecting, where those systems are located, and who has access to them. Active reconnaissance lets you map your network and protect against exploitation.
This is where you’ll also want to audit your existing IT ecosystem. This ecosystem map should include every element of your networks, servers, infrastructure, operating systems, applications, and data. It is only through this map of your IT systems that you can identify attack vectors and threats. Additionally, this allows you to begin to understand your current state of cyber hygiene.
Once you understand the potential threats to your IT security, you’ll want to understand the existing tools and plans you have in place to address cyber security threats, *cough, cough – Secure It*.
Next, you’ll want to implement a risk-based approach by identifying potential threats and rating each one by its likelihood of occurring and its potential impact on the organization. Lastly, use this information to prioritize which risks you’ll deal with first, *aka Protect It*.
Join us next week as we tackle how to understand the existing tools and plans that you have at your disposal ~securing your environment~ before ending the month with the prioritization of ~protecting your environment~.
Moreover, National Cyber Security Awareness Month is aimed at helping organizations make incremental improvements, and we’re pleased to help contribute to getting the word out on what this looks like in practical terms.