Page 19 - index
P. 19
How Operations Affect Cybersecurity
The operations of each organization have a significant impact on cybersecurity posture. Personnel,
processes and technologies must all work together to protect the organization’s assets.
Personnel
Organizations should strive to recruit individuals at all levels who have a fundamental understanding
of common security practices. About 29% of breaches that occurred in 2014 were caused by
employee-related errors.
Regular training sessions and periodic recertification of security requirements should be offered,
backed by policies such as “clean desk” and daily shredding to make sure printed information with
confidential data is not leaked.
Cybersecurity personnel should have a deep knowledge of best practices including those
established by the National Institute of Standards and Technology (NIST), the Information Systems
Audit and Control Association, (ISACA) and SANS Institute (SANS).
Employers should institute sound hiring practices such as background and reference checks for all
security personnel, and arrange a demonstration of their skills.
Depending on the company’s structure and size, it can be worthwhile to put in place an independent
Chief Information Security Officer (CISO) and dedicated staff responsible for ensuring technology
and information assets are adequately protected. Outsourcing of the function is possible, but a
clear understanding of vendor management risk is essential.
Leveraging Processes
Day-to-day processes have a tremendous impact on the cybersecurity posture of a company.
Controls should be deployed that are automated and preventive to minimize information and
cybersecurity-related risks.
As companies grow, many rely on detective controls to manage their operations, usually through
the IT department. For example, about 43% of organizations surveyed say that they still manually
review logs.
The manual review of logs is a difficult and sometimes incomplete process. It is a better use of
security personnel to design and implement preventive controls and real-time monitoring techniques
and processes in cooperation with Compliance and Internal Audit.
Along with other measures such as: adequate review of personnel; disabling USB ports on PCs;
and automated scanning of emails for sensitive or confidential information, these improved
processes will decrease the likelihood of data leakage.
Strengthening IT controls can also increase the efficiency of other business functions – a win/win.
19 Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
