Page 71 - Cyber Warnings
7. Data protection: managing rules for what can or cannot be sent and received. This must
include encryption of all data and filtering what data can be received and sent. Watch out
for those quantum computers; a few already exist. Encryption algorithms are going to
need to be changed sooner rather than later to protect against quantum-based code breaking.
Microsoft has strong capabilities in the data protection space.
A PLAN TO COVER ALL
Most of the time the security staff is so busy bailing water there is no time to patch the holes, let
alone row faster.
1. Make sure you have the in-house skills and capacity to properly implement security. If
not, train and/or hire. You cannot fight a war without trained soldiers.
2. Once you decide to make your business secure, you must commit to producing and
executing a clear and effective security strategy. A security strategy is not what you
think you should do; that is tactics. Strategy is a comprehensive plan to become better
than you are.
3. Identify all the holes in your defenses and rate how well your current infrastructure can
handle them based on current and future threats.
4. Replace or re-architect everything that is weak. Do not put vulnerabilities on the back
burner for a future budget. Explain to executive leadership that if they want to use
technology, they need to do it securely. They really do not have a choice. Be frugal but
smart: cover all credible threats and mitigate all risks.
5. Ensure processes and governance are in place to make sure management of the
security infrastructure is robust, tested regularly and has management controls to ensure
every element is carried out.
Will this be 100% secure? Absolutely not… but it will be drastically better than before and you
will be demonstrating your due diligence to the board, that you have made every effort to protect
the company brand, intellectual property and assets. Not to mention the company’s reputation.
MAKE IT HAPPEN
Hire an expert to bring in methodology and teach your staff how to create and, most importantly, how
to successfully execute a security strategy. This is not just paper, but a process, organization,
budget, management, governance, auditing, continuous improvement and a lot of hard work.
1. Make sure all the basics are solid, tested and have no holes.
71 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide