
5/16/2019 02:00 PM
Julian Waits
Commentary

The Data Problem in Security

CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.

Today's CIOs are the stewards of company data, responsible for its health and performance as well as maintenance of the availability, speed, and resiliency their stakeholders expect. CISOs, however, sometimes serve as emergency room doctors for their company's data. Their role is to think about worst-case scenarios, diagnose the severity of incidents, and jump in when incidents happen or are likely. Their first priority is to keep patients alive, but keeping them healthy is worth bonus points.

Like ER doctors, CISOs need rapid prioritization tied to the health of the business to triage incidents effectively. To establish each organization's guidelines around what data matters most, every CISO must consider reputation, resiliency, and regulatory impact.

Defining and Solving the Data Problem
A CISO must focus on business protection, cybersecurity breaches, and the role of data in the organization, and ask three questions:

● Reputation: Which data loss would hurt the business's reputation and negatively affect a customer's or investor's confidence in the business?

● Resiliency: What data outage could cause business disruption, and could the business come back from the outage?

● Regulatory impact: What financial or legal liability would follow from the loss or exposure of that data?

With these themes in mind, the CISO's data problem is twofold: which data most needs to be protected, and what data is needed to monitor and diagnose an incident when protection fails?

The first step is for the CISO to get their arms around all the data that matters. These days, data ownership is often federated, so CISOs must team up with peers to get access and to manage the overlapping ownerships. For example, the security team may have access to one body of data, whereas application teams have another. Lines-of-business leads would own their business data in SAP, for example, while the CIO would manage the infrastructure's operational data and maintain the health, performance, and security protection of SAP and the data it contains. Underscoring this business dynamic is the critical role that CISOs play: They need to ensure their peers have visibility into all business-critical data, and they need to ensure they themselves have full access to this data and its supporting systems.

With the data in hand, the next step in solving the data problem is to examine tool sets and ensure they give maximum visibility. Today, environmental complexity is such that the CISO may not even know what the environment contains, making visibility difficult to achieve. Organizations have on-premises environments, workloads in multiple clouds, numerous purpose-built applications, Internet of Things devices, and more. When combined with organizational silos, shadow IT, rogue DevOps teams, and business units driving "digital transformation" that put speed-to-market ahead of architectural elegance, efficiency, and application security, it becomes even clearer that the job of the CISO is getting harder every day.

Business Impact Analysis Best Practices
Forward-thinking CISOs lead their teams with the goal of protecting what matters most while maturing their security capabilities and posture. This begins with a business impact analysis that identifies which applications and systems are most critical; that analysis in turn provides the environmental visibility needed for effective data protection. In any organization, this task is daunting and time consuming; however, the larger the organization, the higher both the risk and the reward. Both the CIO and CISO have much to gain by looking strategically at their organizations, aligning efforts, and improving the efficiency and effectiveness of their teams and technology.

With business impact in mind, CISOs can better drive security maturity and improve their cyber hygiene. This can start with simple but necessary activities like vulnerability identification and management, endpoint protection, or malware detection; even these activities can be prioritized by business impact and informed by a view of reputation, resiliency, and regulatory requirements.

Once CISOs have grasped the business impact of their data according to the three pillars, and have defined data boundaries, access, and the tool sets in use across the organization, it's time to review the tools' effectiveness and return on investment. Most CISOs know that not all their tools are effective or delivering as promised; what's important is determining which tools are truly useful or necessary, and understanding the financial impact. This is also an opportunity for CIOs and CISOs to work together, because there's limited technology budget to go around. If CIOs and CISOs can leverage system synergies on top of common data sets, and then further align systems with critical business units, there is a huge opportunity to optimize spending, operations, and protection.

Emergencies Are Preventable with Primary Care
The constant specter of a serious data breach keeps many CISOs up at night. CISOs know how to handle emergencies, but like their ER counterparts, they'd prefer that emergencies never happened in the first place. The modern CISO needs to start with primary care: understand business impact and the effect of security incidents on reputation, resiliency, and regulation, and then address these needs with a robust security program aimed at mature cyber hygiene.


Julian Waits has 30-plus years in senior leadership roles at technology companies, specializing in security, risk, and threat detection. He serves on several industry boards, including ICMCP and NICE, promoting development of the next generation of cybersecurity ...