With the global cost of cybercrime set to reach $6 trillion by 2021, it is becoming imperative for every organisation to have a Chief Information Security Officer, or CISO, at the top table. Whether outsourced or in-house, a CISO plays an essential role in mitigating the threat that cyberattacks now pose.
However, many people are still unfamiliar with the idea of a CISO, let alone the responsibilities that the position entails. So, we have decided to follow Alex, a newly appointed CISO, and take you on her 7-stage journey to ensure that her organisation is secure.
Firstly, Alex must look at Security Operations. The simplest way to do so is to break it down into three separate components:
1. Prevention – the mechanisms that are in place to avert cyberattacks.
2. Detection – the methods that can be employed to locate attackers that have circumvented an organisation's cybersecurity defences.
3. Response – the ways an organisation reacts to incidents that have occurred.
It is worth noting that these three components are interconnected and that, due to budgetary and resource constraints, not every organisation can carry out each part in full. In order to understand what each component entails, it is important to examine them in more detail.
Prevention involves taking proactive measures to improve an organisation’s security posture and to minimise the impact of attempted cyberattacks.
The prevention stage consists of:
1. Data Protection
   a. Encryption, PKI, TLS
   b. Data Loss Prevention (DLP)
   c. Email Security
2. Network Security
   a. Firewall, IDS/IPS, Proxy Filtering
   b. VPN, Security Gateway
   c. DDoS Protection
3. Application Security
   a. Threat Modelling
   b. Design Review
   c. Secure Coding
   d. Static Analysis
   e. Web App Scanning
   f. Web Application Firewall (WAF)
   g. Runtime Application Self-Protection (RASP)
4. Endpoint Security
   a. Anti-virus, Anti-malware
   b. Host Intrusion Detection and Prevention System (HIDS/HIPS), File Integrity Monitoring (FIM)
   c. Application Whitelisting
5. Security Configurations
6. Active Defence
7. Patching
Detection involves working out precisely how a malicious actor circumvented an organisation's cybersecurity defences and locating where they gained access to its systems. The detection stage involves:
1. Log Management/SIEM
2. Continuous Monitoring
3. Network Security Monitoring
4. NetFlow Analysis
5. Advanced Analytics
6. Threat Hunting
7. Penetration Testing
8. Red Team
9. Vulnerability Scanning
10. Human Sensor
11. Data Loss Prevention (DLP)
12. Security Operations Centre (SOC)
13. Threat Intelligence
14. Threat Information Sharing
15. Industry Partnerships
Finally, response is concerned with the ways that an organisation reacts to a cybersecurity attack that has occurred. This stage involves responding to the breach that has taken place as well as taking steps to ensure that a similar incident does not occur again.
The response stage consists of:
1. Incident Handling Plan
2. Breach Preparation
3. Tabletop Exercises
4. Forensic Analysis
5. Crisis Management
6. Breach Communication
Alex's company is small, and she initially wondered whether every organisation, even hers, must carry out all of these tasks. However, after careful consideration and consultation with experts in the field, she was assured that each company, regardless of its size, must have these measures in place to ensure it is protected.
Moreover, aware that this is only one of her seven areas of responsibility as a CISO, Alex began to wonder how feasible it would be for just one person to oversee so many tasks. Thankfully, she soon learned that many of these tasks, such as penetration testing or SIEM services, can be subcontracted to organisations like Stryve.
Although this may alleviate the burden placed on Alex as a CISO, it does not diminish her importance. Ensuring that good cybersecurity practices are in place is a long-term investment that allows companies to survive for years to come.
As a CISO, Alex must carefully consider how she wants to manage Security Operations within her organisation. Nevertheless, accomplishing the above tasks brings her one step closer to fulfilling her responsibilities and improving her organisation’s cybersecurity posture.