Page 18 - index
P. 18
This all underlies the dangers of falling into the trap of over-confidence. IT should do everything
it can to ensure the best defences possible, but never actually think everything needed to create
a secure infrastructure is done. In order to do this, IT should consider the following:
• Get back to basics: First of all, confirm your organization has security best practices
established. If not, create them. By maintaining records of procedures, every IT
employee—not just the security admins—can immediately pick up the playbook and help
out if necessary. These best practices should go beyond just testing and incident
response policies, they should also include internal contact information, vendor and
security tool information and more. Also, once developed, follow the security best
practices. This is where the rubber meets the road—in the operationalization of the
guidelines and policies that the organization should adhere to.
• Take a data-centric approach rather than a network-centric approach: Instead of thinking
in terms of the number of VPNs or where to install firewalls, IT should think in terms of
where and how data is stored, and how attackers will try to access and use it. Break it
down in terms of most sensitive data first and work out from there.
• Assign a dollar value to risk in order to show direct impact of how security success—or
failure—directly impacts the business: This will not only gain corporate buy-in toward
more resources and personnel, but showcase the value of IT security as a true revenue
protector within the organization.
• Consider what kind of IT tools are really needed according to business needs: High-end,
complex enterprise-grade security tools are only helpful if they’re being utilized correctly
and to capacity. IT tools are far more effective when they directly meet business needs,
aren’t constantly scrutinized from a budgetary perspective and are easily implemented
and used on an ongoing, regular basis.
In summary, while IT professionals’ confidence in their organizations’ security readiness is high,
likely as the result of several positive developments, these same organizations continue to
suffer from damaging attacks, indicating the confidence could be a false sense of security
preventing them from more closely following security best practices and safeguarding their
organizations’ infrastructure. However, by following the best practices outlined here, they can
ensure they are proactively taking all the steps necessary to truly protect their organizations’
sensitive data.
About the Author
Mav Turner is the director of SolarWinds’ security portfolio. He has worked in IT
management for over 14 years, including roles in both network and systems
management prior joining SolarWinds in 2009.
18 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
