
Cyber Security Strategy for an All-or-Nothing World

by Joe Leonard, Wednesday, 8 Mar 2017

CIOs and CEOs are well aware of the complexity of devising a successful information security strategy. It must encompass everything from cloud to multiple data centers and distributed office locations to people, processes and technology. Annual vulnerability assessments alone are not enough. And often, in-house resources with cybersecurity expertise to implement remediation efforts are in short supply.

With cybersecurity breaches making the news almost weekly, executive leadership and boards of directors are looking for maximum visibility into their organization’s security posture. They know that any disruption to their information systems can hamper business operations, compromise sensitive data and impact their reputation – not to mention their bottom line.

The increasing number of mobile and IoT devices connected to a typical network only adds to the vulnerability. For example, IoT devices were part of a large-scale distributed denial of service attack that resulted in a massive Internet outage on the East Coast. If the network had been properly engineered and segmented, this could have been prevented.

So where do you start? How do you know you have enough protections in place? And how do you know that you are getting the right amount of protection in return for your security investments?

FIVE STEPS TO MITIGATING CYBER RISK
By taking a holistic approach to cybersecurity, you can identify vulnerabilities, and address and mitigate business risk properly. A comprehensive risk management program integrates the following elements:

  • Continuous testing (yearly, quarterly and monthly)
  • Remediation
  • Scorecard
  • Governance (NIST CSF/ISO27001)
  • Strategy
  • Roadmap development
  • Threat intelligence
  • Incident response

Presidio advocates a five-step roadmap to achieve a holistic cybersecurity strategy:

  1. Baseline Assessments: After conducting an annual assessment, companies should test their remediation efforts and current vulnerabilities quarterly. CIOs should be able to provide their executives with a report showing areas of strength and weakness, and capture their feedback regarding current issues and challenges for improved visibility and buy-in.
  2. Compromise Assessments: Assess hardware to control traffic leaving the network. Companies should have a method to reliably identify indicators of compromise, malicious traffic, and attackers.
  3. Network Architecture: Companies should approach network security on two levels: the tactical (engineering) and strategic (design, roadmap, compliance, scope). Build the network according to the defined architecture.
  4. Implementation and Governance: Unless a company can implement a security framework adhering to the controls and standards they have established and maintained over time, Steps 1-3 will not be effective.
  5. Continuous Risk Management: Companies can use threat review, active threat analytics, incident response and more to monitor and operate their security frameworks. Identified vulnerabilities must be remediated immediately.

The Presidio Next Generation Risk Management approach to cybersecurity provides a security strategy for managing today’s risks while preparing companies for new risks and threats as they emerge. We would be happy to share how best practices have already been implemented in your industry.

Presidio
Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Cloud and Security solutions. We deliver this technology expertise through a full life cycle model of professional, managed, and support services including strategy, consulting, implementation and design. By taking the time to deeply understand how our clients define success, we help them harness technology advances, simplify IT complexity and optimize their environments today while enabling future applications, user experiences, and revenue models.