Most experts maintain security involves a combination of people, processes and technology. However, too often infosec leaders focus on technology because it’s the most tangible thing — plug this hole with this solution and things are better.
A report released this morning by Intel Security argues that encouraging security and IT teams to work together will improve preparedness and overcome the cybersecurity skills shortage.
A survey of 565 security decision makers around the world, including some Canadians, found organizations believe they could become 38 per cent to 100 per cent more effective if their threat management and incident response personnel would collaborate better. That may seem obvious, but in the rush to face an intrusion, teamwork sometimes gets ignored.
“This collaboration could take the form of workflows and data sharing among people—formerly siloed IT and security teams—as well as integration and automation of controls, policies, and processes to improve operational efficiency,” says the report.
Coincidentally, former White House CIO Theresa Payton penned a column this morning that also argues throwing more hardware and software at the problem wasn’t the first solution. “Our security protocols were meaningless if we made them too difficult for people to do their jobs,” she writes.
Payton says there are three smart steps an organization can implement now to reduce the threat of a breach: Have the CISO establish a kill switch that stops a breach in its tracks but enables the organization to keep working without compromising security or privacy; have the CISO segment the top two critical digital assets to protect them; and have the CEO commit to putting security and innovation on an equal footing.
You might also want to think about this blog by Tripwire president Gus Malezis on the so-called five monkeys on the CISO’s back, including the likelihood of an intrusion, the skills gap, and the soaring number of endpoints thanks to mobility and the Internet of Things. His prescription: Manage and mitigate risks through risk assessment, adopting a standards-based security framework such as NIST, Gartner’s PPDR, CIAS or ISO 27001, and continuous monitoring and calibration of security and compliance programs.
Depending on the size of the organization there can be as many as eight roles that share varying levels of responsibility across the threat defense lifecycle, Intel says, including security engineer/architect, incident responder, SOC analyst, network administrator/engineer and endpoint administrator. “Increasing the trust and transparency among interdepartmental teams can go a long way toward ensuring that these functional entities work together well,” says the Intel report. “Teamwork will help them resolve security issues more quickly, and there will be less chance of the problem getting worse due to a lack of co-ordination.”
When putting together a strategy, these things have to be on the CISO’s mind.