What I have learned in my first year of Cyber Security: Part One

11.07.2016 by VioPoint Blogger

You know that saying everyone uses, “drinking water from a fire hose”? Cyber Security is nothing like that! Before I joined VioPoint, I saw commercials on TV where everyone is sitting in a huge SOC and some guy in the corner yells “we have a breach!” I think everyone has seen something along those lines in a commercial or movie. Yes, there are moments you need all hands on deck and yes, you most likely go to bed hoping that never happens to you. But what I want to talk about is helping you understand that cyber security is a daunting task. There are layers and layers of defense options that benefit your organization; you just need to know what your appetite is to implement those layers.

Information Is Knowledge

So where do you start? You start by reading and then reading more, and when you want to tap out, you read just enough to bring you to your breaking point. With the rapid growth in technology, something new is coming out every week and it is easy to get caught up in the hype of the next best thing. Take a step back, look at your environment and evaluate what you currently have in place (if anything at all). Number one, in my opinion, is to gather everyone you value as a decision maker in your company and build an incident response plan. Your plan does not need to be the next American novel, but it needs to help you mitigate an issue as soon as possible when you have an incident. Yes, I said when you have an incident; you are not exempt because you think you are too small or your information is not valuable. Your job is important to you, which means everything you work on is valuable. Having an incident response plan gives everyone a clear role on what to do when you may have to wake up at 3 AM because your CIO is calling you.

You have your incident response plan; everyone agrees, they are ready for the day. Great! Now, where are your strong points and weak points in your organization and how do you identify those? You conduct a Critical Security Controls Risk Assessment. I have worked with multiple clients on this type of engagement, and I personally think the CIS Controls are your next step. I like the assessment because it provides you a broad understanding of your network and how you can build an effective roadmap to implement throughout the year or longer (great for your budget push). Speaking of budget, your assessment is going to show you quick wins you can do on your own without seeking an external resource. *This is the moment you look like a 90’s wrestler making their entrance and everyone is cheering* (I was born in 1984 so I had to drop that image in your head). Therefore, I truly believe in a risk assessment; it provides you value and direction. You will not be able to do everything on your own, but there are organizations capable of helping you with further needs (ex: monitoring, vulnerability management, pen testing, endpoint management).

Information In Digestible Pieces

Remember, I am looking at this from the perspective that you are just building your organization’s security posture. I could keep going with this right now, but InfoSec is better in pieces. I will touch on programs and projects in part two.

