It is well recognised that maintaining a good track record in information security management is now, on the whole, a significant board-level agenda item. From an HM Government perspective, cyber security is in the top four national threat categories and therefore should be a key business objective.
Mid-tier organisations especially face huge challenges in dynamically managing and efficiently reporting on security risk across diverse and rapidly evolving threat landscapes. Protecting vital assets across multiple technologies is becoming increasingly difficult, and is made worse by limited skilled resource and budget constraints. As businesses demand greater operational flexibility and competitive advantage from their IT assets, managing compliance and associated risks gets exponentially harder to address.
Cyber security professionals may do well to compare their risk management visibility and control model to those of aircraft and ship systems. Modern aircraft use ‘glass cockpits’ to display, at a glance, the vital positioning, performance and risk information essential to safe flight, e.g. weather radar (threat intelligence). Ships use consolidated displays, for example in engine rooms, where many plant components require dynamic monitoring to ensure efficient operation and damage prevention, e.g. propeller shaft bearing stress and temperature (risk metrics). These monitoring systems have evolved to deliver effective risk management embracing human, environmental, mechanical, electrical and ICT performance factors.
Like many businesses and organisations, aircraft and ships have clear mission objectives, and the visibility provided by their command and control systems is geared entirely to achieving them in a safe, timely and efficient manner. The good track record of these transport modes means that we don’t give much thought to using them and are pretty confident of safely reaching our destination. Using the lessons learned from managing other critical infrastructure, cyber security professionals would benefit tremendously from a single, modular console to highlight key threats.
The adoption of a ‘framework core’ e.g. Identify – Protect – Detect – Respond – Recovery, provides a foundation on which to work towards achieving specific cyber security outcomes.
Continuous monitoring and detection processes for anomalies and events are understandably critical to achieving framework goals. Effective clarity on this requires accurate integration with, and dynamic information input from, a wide variety of sources.
Existing IT systems, networks, security technology, applications and monitoring tools can provide a valuable array of information sources. However, the time it takes to view siloed tools, correlate important information, make meaningful sense of it all and act accordingly can divert resource away from other high-priority tasks and cause cost inefficiencies. Minimising the time taken to effectively remediate high-risk issues is a growing concern.
Adopting a central console or ‘dashboard’, supported with relevant on-tap advanced technical expertise, is a strong aid towards overcoming these problems. Taking important information from multiple sources, e.g. End-Point Security, Proactive Threat Intelligence, Cloud Security Management, IAM/MFA, AD, Firewalls and ‘SoC in the cloud’ based SIEM, and adding it on a modular basis to a dashboard enables a real-time visibility, ‘glass cockpit style’ management methodology. It can also provide an effective viewpoint for IT, Network, Risk and other departmental managers, helping them work collaboratively and enhance service delivery programmes. Adding other performance inputs, from network and server systems for example, can aid management ‘up and down the OSI 7-layer model’, event correlation, application support and SLA measurement.
Fragmented ad-hoc versus streamlined? A centralised dashboard should enhance compliance management efficiency, especially for providing evidence of continuous proactive security monitoring, reporting, remediation and trending. Ease of dashboard adaptability is important to enabling the integration of existing and new technology as infrastructure evolves, and for reducing vendor dependency.