5 steps for 5 elements
Work with us to implement your Secured-IT inventory, policies, budget, solutions and processes for Hardware, Software, Credentials, Data and Staff
Inventory
You cannot secure what you do not know. Security starts with inventory.
Three phases of inventory:
- Static Inventory
- Active Inventory
- Proactive Inventory
It starts simple, and then iterates until it becomes more complex but more effective as well.
Map to the inventory requirements / controls in the CIS-20 CSCs:
- HW Inventory CSC-01
- SW Inventory CSC-02
- Credentials Inventory CSC 04-01
- Data Inventory CSC 13-01
- Staff Inventory CSC 17
Governance
Governance mandates what we are required to do.
- Policies identify what data is important and what data is not.
- Policies tell us what data we are supposed to secure and how significantly we are supposed to secure it.
- Policies give us guidance as to who should and who should not have access to sensitive data.
- Policies give our staff guidance on what is appropriate behavior and what is not.
Budget
Governance is leveraged to help develop the budget to protect what needs to be protected most, and then the next important thing, and the next on down the line. The highest risk Hardware, Software, or Data should receive the strongest security protection. Often, staff is considered the highest risk and security training becomes the earliest control implemented in the company as a result.
In order to develop a budget, the security options must be well-researched, well understood and proven by the security implementation team. In the absence of these factors the risk to maintain successful cost control is high.
Security
Once we have a budget, we can begin to work on the security remediation plan to close the gaps identified during the assessment by installing effective security solutions.
In many cases it is valuable to map the required security controls to a well-known standard such as the CIS-20 CSCs (Center for Internet Security 20 Critical Security Controls). When this is done properly, your security provider will have a set of well developed, mature security solutions to implement the security controls defined by the standard.
Process
The fifth aspect, Process, addresses to primary categories:
- The processes to define, install, configure, test & verify IT components and the security configurations and controls.
- The process is to iterate and update the framework across all the elements.
All things in IT and Cyber Security have changed continuously. Modifications are made to systems and sometimes patches, or modifications are not properly implemented – sometimes things get missed. Staff members come and go, and people enter and leave security groups.
A Process must be defined that calls for a periodic Assessment, Feedback, and Improvement, which is critical to maintaining a successful Secured-IT environment.
The results of assessing are fed back for continuous improvement. This is the mark of mature and effective organization.
5 steps for 5 elements
Work with us to implement your Secured-IT inventory, policies, budget, solutions and processes for Hardware, Software, Credentials, Data and Staff
