THE NEW NORMAL IN CYBERSECURITY MANAGEMENT.

4 years ago 191
BOOK THIS SPACE FOR AD
ARTICLE AD

Image for post

Image for post

Skuudo

With the covid, the objective remained, but the problems and the day to day has changed. We continue to protect the organization, we continue to secure our data, and we continue to protect users. But, for each of the defense lines (operation, strategic and ), many things must be adapted.

1st line of defense: Operation

The responsibility is the continuity of operations, security monitoring, security incident management, and the assurance and implementation of controls.

The 3 pillars process, people and technology remains. We continue to have to ensure visibility, control and responsiveness. But now we have another variable, which is the prioritization of people’s health. And that impacts each of the pillars.

Process

. How to eliminate the face variable?

. How to give continuity without lowering the level of control?

. How to quickly adapt to new business needs?

People

. Relationship in the team

. New hires

. Solving domestic problems

. Team synergy work

Technology

. How to support the load in distributed models?

. How to keep the system / data safe under the new model?

. How to guarantee technological improvements / supports in a remote model?

2nd line of defense: Strategic

The responsibility is risk management, definition of controls, definition of the organization’s security objectives, as well as strategic decisions.

The goal of keeping the organization safe stands, but…

a. The business reinvents itself. Not only from the point of view that everyone works from home, but also how to get the customer to continue consuming your product without being able to reach it physically.

b. Identify new attack vectors.

c. Reframe the how? How does this model affect us? How does it affect the organization? How are we going to process? How are we going to ensure? How do we continue to mature our security management process?

d. Reassess the risk

All this went down to an economic depression, down to a reduction in costs, expenses, investment. Without a clarity of future in the short-medium. And the most curious thing, all made from home.

3rd line of defense: Audit

The responsibility is to validate compliance and identify any security flaw that may occur, throughout the entire chain.

a. Auditors had to reschedule their audit plans in many cases. The operation in many cases is super saturated.

b. Auditors have to defend the context and urgency of their observations.

c. Make your observations more flexible (within what is tolerable) or the strictness of some controls.

d. Maybe adjust in time, or through compensatory controls.

How to demand improvements or observe defaults during long periods of contingency? When the budget and the situation limit new initiatives and / or the operation is at its maximum capacity.

And the attack?

. The vulnerabilities remained the same.

. More time to reinforce and add knowledge.

. Offer / convince clients to continue executing.

. It was time to rethink attack scenarios.

. Begin to test techniques of how the new model would be violated.

. Some still do not differentiate this new normal.

Read Entire Article