An Inquiry Into an Organization's Security Priorities

In the wake of recent high-profile security incidents, I started wondering: what, generally speaking, should an organization's security priorities be? That is, given a finite budget — and everyone's budget is finite — what should you do first? More precisely, what security practices or features will give you the most protection per zorkmid? I suggested two of my own, and then asked my infosec-heavy Twitter feed for suggestions.


I do note that I'm not claiming that these are easy; indeed, many are quite hard. Nevertheless, they're important.


I started with my own top choices.


The next suggestion is one I should have thought of but didn't; that said, I wholeheartedly agree with it.


  • Inventory – Know what computers you have, and what software they run. If you don't know what you've got (and who owns it), you don't know whom to alert when a security vulnerability pops up. Consider, for example, this new hole in VMware. Do you know how many VMware servers you have? If you ran the corporate security group and saw that alert, could you rapidly notify all of the responsible system administrators? Could you easily track which servers were upgraded, and when?
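
The inventory question above is concrete enough to script. The following is an added example, not code from the original post: it takes a software inventory and an advisory's affected version ranges and produces the three things the post asks for, the exposed hosts, the owners to notify, and what is still unpatched once upgrades are recorded. The hosts, owners, version numbers and the advisory's ranges are all constructed for illustration and do not describe any real VMware bug.

```python
"""Added example, not from the original post: match an advisory's affected
version ranges against a software inventory to get the three answers the
post asks for: which hosts are exposed, whom to notify, and what is still
unpatched after upgrades are recorded.

The inventory, the advisory and its version ranges, and the team names are
all constructed for illustration; they do not describe any real VMware bug.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    owner: str      # team to page when this host's software is affected
    product: str
    version: str


@dataclass(frozen=True)
class Advisory:
    product: str
    # (first_affected, fixed_in) pairs: v is vulnerable when first <= v < fixed_in
    affected_ranges: tuple[tuple[str, str], ...]


def parse_version(v: str) -> tuple[int, ...]:
    """'7.0.10' -> (7, 0, 10). Comparing the tuples, not the strings, is what
    keeps 7.0.10 above 7.0.3 (as strings, '7.0.10' < '7.0.3').
    Assumes dotted integers; real products with builds like '7.0 U3' need
    product-specific normalization before they reach this point."""
    return tuple(int(part) for part in v.split("."))


def is_affected(version: str, advisory: Advisory) -> bool:
    ver = parse_version(version)
    return any(parse_version(lo) <= ver < parse_version(hi)
               for lo, hi in advisory.affected_ranges)


def affected_hosts(inventory: list[Host], advisory: Advisory) -> list[Host]:
    return [h for h in inventory
            if h.product == advisory.product and is_affected(h.version, advisory)]


def notifications(inventory: list[Host], advisory: Advisory) -> dict[str, list[str]]:
    """Owner -> hostnames that owner must patch: the paging list."""
    out: dict[str, list[str]] = defaultdict(list)
    for h in affected_hosts(inventory, advisory):
        out[h.owner].append(h.name)
    return dict(out)


def remaining_after_upgrades(inventory: list[Host], advisory: Advisory,
                             upgraded: dict[str, str]) -> list[str]:
    """Apply recorded upgrades (hostname -> new version) and report what is still exposed."""
    current = [Host(h.name, h.owner, h.product, upgraded.get(h.name, h.version))
               for h in inventory]
    return [h.name for h in affected_hosts(current, advisory)]


# Constructed sample inventory (hypothetical hosts, owners and versions).
INVENTORY = [
    Host("esx-01", "platform-team", "VMware ESXi", "7.0.2"),
    Host("esx-02", "platform-team", "VMware ESXi", "7.0.3"),
    Host("esx-03", "lab-ops", "VMware ESXi", "6.7.0"),
    Host("esx-04", "lab-ops", "VMware ESXi", "7.0.10"),
    Host("vc-01", "platform-team", "VMware vCenter", "7.0.2"),
    Host("db-07", "data-team", "PostgreSQL", "14.2"),
]

# Constructed advisory: hypothetical ranges, not a real VMware advisory.
ADVISORY = Advisory("VMware ESXi", (("6.5.0", "6.7.1"), ("7.0.0", "7.0.3")))


if __name__ == "__main__":
    for owner, hosts in notifications(INVENTORY, ADVISORY).items():
        print(f"notify {owner}: {', '.join(hosts)}")
    print("still exposed after esx-01 upgrade:",
          remaining_after_upgrades(INVENTORY, ADVISORY, {"esx-01": "7.0.3"}))
```

The part that usually goes wrong in practice is not the matching but the data feeding it: an inventory maintained by hand in a spreadsheet will have hosts nobody owns and versions nobody updated, so the list should come from an agent or a CMDB that is populated automatically, and the "upgraded" record should be written by the same system, not by the administrator who claims to have patched.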

The next set of answers has to do with recovery: assume that you will suffer some penetration. Now what?


  • Backups – Have good backups, and make sure that at least one current-enough set is offline, as protection against ransomware.

    I would add: test recovery. I've seen far too many situations where backups were, for some reason, incorrect or unusable. If you don't try them out, you have no reason to think that your backups are actually useful for anything.
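
One way to make "test recovery" a routine check rather than a good intention is to restore every backup into a scratch directory and compare it, file by file, against what you expected to get back. The block below is an added example, not code from the original post: it builds a small constructed directory tree inside a temporary directory, backs it up to a tar archive, restores it, and compares SHA-256 digests of the restored files with a manifest. The `stale` switch shows the other failure the post warns about, a backup set that is not current enough: the source keeps changing after the backup ran, so the restore comes back missing files and with old contents.

```python
"""Added example, not from the original post: a minimal restore test.

Back up a directory tree to a tar archive, restore it into a scratch
directory, and compare per-file SHA-256 digests of the restored tree with
the manifest of what you expected. A backup you have never restored is only
a hypothesis; this turns it into a check. All paths and file contents are
constructed inside a temporary directory.
"""
from __future__ import annotations

import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def digest_tree(root: Path) -> dict[str, str]:
    """Relative path -> sha256 of contents, for every regular file under root."""
    out: dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def make_backup(source: Path, archive: Path) -> dict[str, str]:
    """Write the archive and return the manifest recorded at backup time."""
    with tarfile.open(archive, "w:gz") as tar:
        for child in sorted(source.iterdir()):
            tar.add(child, arcname=child.name)
    return digest_tree(source)


def restore_backup(archive: Path, target: Path) -> None:
    with tarfile.open(archive, "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            # Python 3.12+ (and backports): refuse absolute paths and '..' members
            tar.extractall(target, filter="data")
        else:
            tar.extractall(target)


def verify_restore(expected: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Compare the restored tree with the manifest; three empty lists mean a good restore."""
    actual = digest_tree(restored)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "unexpected": sorted(set(actual) - set(expected)),
        "corrupted": sorted(k for k in expected.keys() & actual.keys()
                            if expected[k] != actual[k]),
    }


def restore_test(stale: bool = False) -> dict[str, list[str]]:
    """End to end: build sample data, back it up, restore it, verify.
    With stale=True the source keeps changing after the backup was taken,
    which is what restoring an out-of-date backup set looks like."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source, restored, archive = base / "source", base / "restored", base / "backup.tar.gz"

        # Constructed sample tree standing in for the real data.
        (source / "config").mkdir(parents=True)
        (source / "a.txt").write_text("alpha\n")
        (source / "config" / "app.conf").write_text("listen = 127.0.0.1:8443\n")
        (source / "blob.bin").write_bytes(os.urandom(4096))

        manifest = make_backup(source, archive)
        if stale:
            (source / "a.txt").write_text("alpha, edited after the backup ran\n")
            (source / "config" / "new.conf").write_text("added after the backup ran\n")
            manifest = digest_tree(source)   # what we would need to get back today

        restored.mkdir()
        restore_backup(archive, restored)
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print("fresh backup:", restore_test())
    print("stale backup:", restore_test(stale=True))
```

Two things to carry over to a real system: restore onto a different machine from the one that wrote the backup, so you also exercise the credentials, network path and tooling you would actually have during an incident, and keep the manifest somewhere the backup job cannot overwrite, since a ransomware actor who can reach your backups can usually reach a checksum file stored beside them.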



  • Logging – If you don't have good ..
