It is well recognised that maintaining a good track record in information security management is now, on the whole, a significant board-level agenda item. From an HM Government perspective, cyber security is in the top four national threat categories and therefore should be a key business objective.
Mid-tier organisations especially, face huge challenges to dynamically manage and efficiently report on security risk across diverse and rapidly evolving threat landscapes. Vital asset protection across multiple technologies, is becoming increasingly difficult, made worse due to limited skilled resource and budget constraints. As businesses demand greater operational flexibility and competitive advantage from their IT assets, managing compliance and associated risks gets exponentially harder to address.
Cyber Security Risk Management Visibility
Cyber security professionals may do well to compare their risk management visibility and control model to those of aircraft and ship systems. Modern aircraft use ‘glass cockpits’ for displaying at-a-glance vital positioning, performance and risk information essential to safe flight e.g. weather radar (threat intelligence). Ships use consolidated displays, for example in engine rooms, where many plant components require dynamic monitoring to ensure efficient operation and damage prevention e.g. propeller shaft bearings stress and temperature (risk metrics). These monitoring systems have evolved to deliver effective risk management embracing human, environmental, mechanical, electrical and ICT performance factors.
Like many businesses and organisations, aircraft and ships have clear mission objectives and their command and control systems visibility totally reflect achieving them in a safe, timely and efficient manner. The good track record of these transport modes means that we don’t give much thought to using them and are pretty confident in safely reaching our destination. Using the lessons learned from managing other critical infrastructure, cyber security professionals would benefit tremendously from a single, modular console to highlight key threats.
The adoption of a ‘framework core’ e.g. Identify – Protect – Detect – Respond – Recovery, provides a foundation on which to work towards achieving specific cyber security outcomes.
Continuous monitoring and detection processes for anomalies and events are understandably critical to framework goal achievement. Effective clarity on this requires accurate and integration with, and dynamic information input from a wide variety of sources.
Existing IT systems, networks, security technology, applications and monitoring tools can provide a valuable array of available information sources. However, the time it takes to view siloed tools for example, correlate important information, make meaningful sense of it all and act accordingly, can divert resource away from other high priority tasks and cause cost in-efficiencies. Minimising time to effectively remediate high-risk issues, is a growing concern.
Adopting the use of a central console or ‘dashboard’, supported with relevant on-tap advanced technical expertise, is a strong aid towards overcoming these problems. By taking important information from multiple sources e.g. End-Point Security, Proactive Threat Intelligence, Cloud Security Management, IAM/MFA, AD, Firewalls, ‘SoC in the cloud’ based SIEM, and adding this on a modular basis to a dashboard, enables a real-time visibility ‘glass cockpit style’ management methodology. It can also provide an effective view point for IT, Network, Risk and other departmental managers, to help them work collaboratively and enhance service delivery programmes. Adding other performance inputs from network and server systems for example, can aid management ‘up and down the OSI 7-layer model’, events correlation, application support and SLA measurement.
Fragmented ad-hoc versus streamlined? A centralised dashboard should enhance compliance management efficiency, especially for providing evidence of continuous proactive security monitoring, reporting, remediation and trending. Ease of dashboard adaptability is important to enabling the integration of existing and new technology as infrastructure evolves, and for reducing vendor dependency.
For more information on how Intergence can help with your security needs please contact us on 0845 226 4167 or email@example.com
Councils across the UK are under increasing pressure to reduce business costs, whilst improving customer experience and customer satisfaction. Digital change is widely seen by the sector as the main way to deliver better services and make better use of public funds.
The pandemic has created new challenges to organisations across most industries, that many were not prepared for, none more so than the travel and transportation sector. Although leisure travel has resumed and the demand on freight services is rising, there still remains extreme uncertainty in the industry. The pressure on margins and market share is higher than ever before. As a result companies are looking for new ways to reduce costs and improve efficiency throughout their organisations and Human Resource departments are not immune from that drive.
Working from home has become the ‘new normal’ for most people during the global COVID-19 pandemic, and based on recent surveys, nearly half of employees working from home want to continue with this. Businesses are now turning to their trusted network partners to show them a quick, simple and affordable way to transform unreliable and ‘flaky’ home broadband into a secure, resilient and performant extension to the corporate WAN and Cloud services.
The Coronavirus outbreak has made all of us realise how vulnerable we can be to an unexpected event which is almost impossible to plan for from a business perspective