Why is it that virtually all aspects of IT operate at near real time EXCEPT security? You can spin up a new server on demand or create a new database in a couple of minutes, but anything that has to do with the security policy can take weeks—or longer.
There’s a mantra in the business world that says “You can’t manage what you can’t measure” and no truer words have ever been spoken in information security. Building an information security metrics program is not glamorous, but it’s an invaluable tool to help measure and visualize KPIs (Key Performance Indicators) and improve security across the organization. By presenting the evidence objectively to your selected key stakeholders, you will be able to get your point across regarding risks and areas of improvement, and highlight the company’s achievements in protecting the organization.
For many IT security professionals, compliance goes way beyond meeting regulatory standards. Increasingly, many companies, particularly those in the financial sector, have taken a harder stance and require compliance with their own stricter corporate security standards and industry best practices to minimize the risk of cyber-attacks. These corporate standards are often updated following a well-publicized security breach—which means that lately there have been a lot of updates.
According to a recent survey, two-thirds of organizations are currently deploying or planning to deploy business applications on a public cloud infrastructure. If your organization is among them, consider this: two-thirds of the organizations we surveyed are struggling to figure out how to extend their security policy across the hybrid environment. It’s a little daunting, right?
A business owner makes a simple change request in order to allow traffic to a new application. You now need to figure out the right firewall rules to change. This should be pretty simple… but what if you’re using NAT (Network Address Translation) in your environment?
But while CIOs and CISOs are focused on selecting the right technologies to help detect and contain attacks before they can do any damage, there are a bunch of things you can and should do to harden your security posture that don't directly involve technology. Here are 4 tips: