State of Readiness

Continued effective defences and being prepared to respond to unusual events or suspicious activities are key to maintaining a good security posture.

Much like the Roman military's 'Defence in Depth' strategy, a good security posture requires multiple, independent layers of protection. Each of these layers requires team members to take ownership of, and accountability for, ensuring that their layer of defence remains effective.

Essential to supporting a good security posture is the ability to demonstrate alignment with industry best practices, e.g.

  • ISO/IEC 27001:2013

  • NIST CSF

  • PCI DSS v3.2.1

  • CIS 20 CSC v7

  • ISF SoGP


Recommendations

  • If you have already aligned your most critical business operations with an industry best practice, consider the benefits of bringing in an external specialist to evaluate the maturity of your processes and to suggest further enhancements.

  • Providing assurance as to the 'Readiness State' of your compliance is extremely difficult, and maintaining it across numerous spreadsheets, pivot tables, etc. adds further difficulty. IS Centurion therefore recommends that you investigate the potential benefits of implementing an integrated risk management platform. This will provide visibility of the status of your controls, your compliance with regulations and your asset management, and will support informed risk decision making.

  • Prepare for the unexpected (think WHEN, not IF). How well can your business respond to incidents that result in critical data being altered, stolen or unavailable to you (including the supporting IT systems) at a critical moment?

    • Do you have an effective Incident Response Plan (IRP)?

    • Are your IRP team members well versed in their duties (often an incident will cause panic and confusion)?

    • What are your plans for business continuity?

    • What would be the impact on your business should an essential operation be unavailable?


Summary

Safeguarding your business from the actions of a 'Cyber-Aggressor' should be at the forefront of every business executive's mind, and the reality is that no organisation can ever be 100% secure. However, the sensible application and management of appropriate countermeasures will help you to become a less desirable target.

Remember:

  • Cyber-criminals look for the easiest victims and do not want to waste time circumventing a comprehensive suite of security layers. The time spent breaking through your layers is time they could spend profiting from your weaker competitors, and the longer they spend, the greater their chance of getting caught. However, if your layers of defence are poorly managed (leaving gaping holes), the first time you become aware of this may be after the 'Cyber-Aggressor' has done their worst.

  • Changes to regulatory and legal requirements may require you to demonstrate that you maintain appropriate Defence in Depth as part of Business As Usual (e.g. GDPR, PCI DSS).
