JANUARY 2018 | CIOAPPLICATIONS.COM | 19

Good operations and maintenance just happens

The recent Equifax breach was just the latest in a long string of examples where routine O&M would have been worth the savings in time, money, and reputation. If your IT shop is full of heroes who constantly tackle break/fix tasks, that's a strong indicator that change management is subpar. Put time in your team's project schedule to handle the inevitable O&M tasks. How much time, you ask? Just look at how late the last few major projects were, or how long lower-priority projects got shifted to the right.

Operational teams have visibility

Unify visibility wherever practical. Consider integrating ticketing systems and IT workflow orchestration. The field has improved over the years, but all the operational stakeholders must be part of the selection. Key data fields can make or break an orchestration solution, and your organization's various operational teams can tell you what their unique needs for those fields are. Achieving unification is particularly challenging for organizations going through mergers. If the company is one that regularly buys smaller companies, it's best to invest in security or IT service management tools that offer a wide range of integration capabilities.

Most cybersecurity organizations segregate security systems from the production systems. Over time, there is an increased cost to maintain a separate security infrastructure, Active Directory domain, and hardware or VMs. Depending on the risk profile of the systems being monitored, there may be opportunities to separate these logically instead, with the right ability to control access, monitor, and respond.

Professional development is thoughtfully invested

Sending someone to NewStuffCon because they did a great job isn't the best value. If you don't know where to start, NIST maintains the National Initiative for Cybersecurity Education (NICE) framework, which can help you structure a comprehensive education plan. Some progressive vendors are bundling specialized cybersecurity training with other services like phishing exercises. Finally, cross-training IT personnel can give your team exposure to cybersecurity skills they can apply to their specific areas of expertise.

Real cybersecurity incidents are used to review plans

Cybersecurity incidents are inevitable. Your incident response team should periodically select key incidents, particularly those that got leadership attention, and review how the event happened and how it was identified, analyzed, contained, remediated, and communicated. Analyze activities that deviated from the plan. Real-life experiences are always more effectively internalized than the best-laid plans.

Adequate time and effort go into planning

Security is an integral part of IT architecture, and the converse is true as well. Too often, organizations develop system designs, send off the final draft diagrams for security to review, and then become frustrated at the numerous changes. Security should be fully integrated into the overall design from the onset.

Developing requirements is worth the time and effort. If a requirement is defined as a specific technology, keep clarifying until the requirement is spelled out as an expected design function and/or outcome. Consider the risk tolerance of the organization and the risk profile of the system. Don't develop security requirements that exceed the needs of the system (for example, encrypting data that's publicly shared anyway).

Managers know the difference between "best practices" and opinion

The phrase "best practice" is usually synonymous with "this is the way we've always done it." A true best practice will be documented in guidelines from reputable professional organizations and will have implementation standards. There is a reason why they are endorsed by large constituencies within a profession. The individual opinions of key team members are valuable, but people must be able to articulate their reasoning: not necessarily on the spot during a heated meeting, but at least over many discussions with colleagues during planning.

Scott Braus