buchachon - Fotolia
Achieving cybersecurity readiness: What enterprises should know
Enterprises need to be ready to act in the face of security incidents and cyberattacks. Expert Peter Sullivan outlines seven elements of proper cybersecurity readiness.
A cybersecurity readiness plan presents and discusses fundamental objectives that organizations must achieve in order to consider themselves cybersecurity ready. While this cybersecurity checklist is not comprehensive, these objectives are the minimum required to give an organization a reasonable level of cybersecurity awareness and focus on protecting critical information assets.
For the purpose of this article, cybersecurity readiness is defined as the state of being able to detect and effectively respond to computer security breaches and intrusions, malware attacks, phishing attacks, theft of data and intellectual property from both outside and inside the network.
A critical piece of this definition is "being able to detect." Detection is a place where significant improvement can be made from the current 9 to 18-month detection threshold; a faster detection capability would limit damage caused by an intrusion and lower the cost of recovery from that intrusion. Being able to understand routine network operations and to detect when network operations stray from a normal definition or baseline of activity is an important element of cybersecurity readiness. Here is a cybersecurity checklist of seven objectives for enterprises to consider:
Cybersecurity readiness objectives
1. Cybersecurity plan: To achieve any goal or objective, a plan that provides guidance toward those goals and objectives is essential. Cybersecurity is no different than any other kind of endeavor in that regard. In this context, cybersecurity readiness is the overarching goal and a cybersecurity plan is the first of several objectives that lead to a state of cybersecurity readiness.
An example objective in a cybersecurity plan might be: Protect customer and employee personally identifiable information, financial information and protected health information from theft, perusal, unauthorized disclosure and unauthorized changes by threat actors located either inside or outside of the network.
In the cybersecurity plan, objectives are defined and a timetable, milestones, measures and metrics are established for each objective.
2. Risk management: Information security is an operational risk management activity. Using risk management techniques will help:
- Identify critical information assets, as a minimum. A risk management program can be extended to also identify critical people, business processes and technology.
- Identify why the chosen critical assets are necessary to daily operations, mission accomplishment and continuity of operations.
- Understand the risk environment that threatens these critical assets.
3. Identity management: This is made up of various plans, policies, procedures and technology aimed at providing appropriate access to information resources and an understanding of how those resources are used and by whom. The required plans, policies, procedures and technology include:
- Access control. This is strongly connected to identity management, which is required to distinguish users from one another, and allow the appropriate delivery of services and access to resources.
- Authentication. Identity management also provides for authentication. Authentication as part of identity management is required to validate a digital identity.
- Authorization. Authorization management is concerned with user rights and permissions. User rights and permissions are determined by organizational policy.
- Accountability. This is understanding who is doing what on the network. Authentication, authorization and accountability all depend upon identity management.
4. Network monitoring: This enables seeing and understanding the security context of every packet that enters and leaves the corporate or agency network. To effectively monitor a network is to be able to see and understand what information is flowing in, out and through the network and to know whether that flow of information is wanted, unwanted, appropriate or inappropriate. Appropriate monitoring programs and protocols will enable an organization to recognize more quickly when a change to expected network operations occurs and when unexpected and unwanted network activity occurs.
5. Security architecture: A strong network security architecture that allows for secure local, wide-area and remote communication is a necessary component of being able to control and understand how the network is operating and enables network monitoring.
6. Asset, configuration and change control: This includes the software update process, inventory control, change management and internal assessment. If not properly managed, each of these areas often represents significant sources of vulnerability and risk to the network.
7. Incident management mapability: This is concerned with effective response to security incidents. Effective response can lower the amount of damage done and reduce the time and cost of recovery.
These seven elements of cybersecurity readiness are critical components that an organization needs to possess for a high degree of situational awareness into its network operations and network utilization. Without a comprehensive understanding of its most important information assets, how its information systems and networks operate, how its information systems support business operations, and what information is moving in, out and through its networks, an organization cannot achieve cybersecurity readiness.
Editor's note: The next article in this series will look at the cybersecurity plan and how to set cybersecurity goals, objectives, measures and metrics that support cybersecurity readiness.
Read more on lessons from government cybersecurity problems
Find out how to improve an enterprise's information security culture
Discover how tabletop exercises can help enterprises with cybersecurity