Layers, Critical Functions & Realms
Most security services are flat and one-dimensional, meaning they only look at which boxes are checked, not at the effectiveness of the solution itself.
You can check the box that says you have installed a firewall, but if it is not properly configured, regularly updated, and monitored, it becomes a great risk to your organization by creating a false sense of security.
In order to achieve a truly comprehensive cybersecurity program, you need to align these pillars as you would align the colors to solve a Rubik’s Cube:
- The 3 Necessary Layers
- The 9 Realms of Cybersecurity
- The 9 Critical Functions
3 Necessary Layers of Cybersecurity
Errors or flaws in human security tend to cause more than 90% of all security breaches. People are, in general, both the greatest asset and the greatest vulnerability that an organization can have. Humans are prone to errors, weaknesses, ignorance, distraction, and bad habits when it comes to security practices. The only way out of the endemic weaknesses of the human security layer is through implementing the best of education and training and building a culture of security in the organization.
Test your training methods thoroughly and often, and test your employees’ security readiness. Both technical and non-technical employees should possess a basic level of security knowledge, such as how to spot a phishing attempt, good password hygiene, access control management, and emergency procedures.
One way to ensure consistency in your security practices is to standardize security processes through comprehensive information security policies. This ensures that all employees are required to perform a standard set of steps or actions to adhere to security guidelines. Since unauthorized access is often one of the main causes of a data breach, employees must be aware of how to effectively implement access control and secure password practices.
Information security policies are overarching policies that cover:
- Organizational (or Master) Policies
- System-specific Policies
- Issue-specific Policies
- A. Data Security – Controls the processes for storing and transferring data.
- B. Application Security – Ensuring the security of applications involves implementing access control to an application, managing that application’s access to your mission-critical assets, and managing the internal security of the application.
- C. Endpoint Security – The endpoint security control layer secures the connection between all endpoints/devices and the network.
- D. Network Security – This layer of security control serves to prevent unauthorized access to the network and employs defenses to protect the organization’s network.
The 9 Realms of Cybersecurity: viewing security in a multi-dimensional way
- Perimeter: Your firewall, wireless network, VPNs and anywhere your private network touches the public.
- Endpoints: Your workstations, servers, IoT devices, point-of-sale devices, and any other devices on your network that have an operating system and that users interact with.
- Network: The infrastructure that endpoints communicate over, including routers, switches, cabling, wireless access points, and controllers.
- Data: The information at rest or in transit that your organization owns, stores, protects, creates or has stewardship over.
- Applications: The software, programs, websites and systems that create, manage and house data.
- Human: The people that use technology to access data and applications through an endpoint connected to the network.
- Physical: The building, offices, assets, and services that are part of the organization.
- Mobile: Your smartphones, tablets, and laptops that interact with your network from any location.
- Cloud: The environment that hosts servers and services that you and your clients can access from anywhere in the world.
9 Critical Functions
- Identify your assets, data and risks with a thorough asset, data and risk inventory.
- Measure your current security level, vulnerabilities and risks through a vulnerability, security & risk assessment.
- Decide your targeted/acceptable risk and security level, and decide to avoid, transfer, mitigate or accept risk.
- Protect your assets, infrastructure, endpoints, data, etc. with security controls, patches, and defensive and risk mitigation strategies.
- Detect suspicious, dangerous and malicious activities, intrusions and data exfiltration through active monitoring for TTPs, IOCs and behavioral anomalies.
- Respond to alerts and threats: quickly evaluate all available information to identify whether a threat is real, and create an incident response plan.
- Contain threats, intrusions and malicious activity through segmentation, isolation, privileged access management and decisive action.
- Eradicate the threat, vulnerability, malicious code or actor or other danger from the environment.
- Recover from damage or loss, restore systems to secure & functional state and verify the Confidentiality, Integrity and Availability (CIA) of data and.
If you are not monitoring all of these realms and functions, you will end up with holes in your cybersecurity solutions, giving hackers a way in.
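The "checked box versus effective control" point made at the start of the page and the coverage warning just above can be turned into a concrete gap report. The following is an added example, not code from the original page: it maps an inventory of controls onto the 9 realms × 9 critical functions grid, counts a control only when it is configured, recently updated and monitored, and lists every cell left uncovered. The `Control` class, the 30-day freshness threshold and the sample inventory are all assumptions constructed for the illustration.

```python
"""Coverage check for the 9 Realms x 9 Critical Functions model above.
A control counts only when it is effective (configured, recently updated and
monitored), not merely installed; the output lists every realm/function cell
with no effective control. The inventory below is constructed sample data."""
from dataclasses import dataclass
from datetime import date, timedelta

REALMS = ["Perimeter", "Endpoints", "Network", "Data", "Applications",
          "Human", "Physical", "Mobile", "Cloud"]
FUNCTIONS = ["Identify", "Measure", "Decide", "Protect", "Detect",
             "Respond", "Contain", "Eradicate", "Recover"]

@dataclass
class Control:                 # hypothetical inventory record
    name: str
    realm: str
    function: str
    configured: bool           # reviewed against a hardening baseline
    last_update: date          # last patch / signature / rule update
    monitored: bool            # logs and alerts are actually reviewed

    def is_effective(self, today: date, max_age_days: int = 30) -> bool:
        fresh = today - self.last_update <= timedelta(days=max_age_days)
        return self.configured and fresh and self.monitored

def coverage_gaps(controls, today, max_age_days=30):
    """Return (uncovered realm/function cells, checkbox-only control names)."""
    covered, checkbox_only = set(), []
    for c in controls:
        if c.realm not in REALMS or c.function not in FUNCTIONS:
            raise ValueError(f"unknown realm or function on {c.name!r}")
        if c.is_effective(today, max_age_days):
            covered.add((c.realm, c.function))
        else:
            checkbox_only.append(c.name)    # present on paper, not effective
    gaps = [(r, f) for r in REALMS for f in FUNCTIONS if (r, f) not in covered]
    return gaps, checkbox_only

# Constructed sample inventory: the firewall ticks the "installed" box but is
# stale and unmonitored, so it protects nothing in this model.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Control("edge firewall", "Perimeter", "Protect", True, date(2024, 1, 15), False),
    Control("EDR agent", "Endpoints", "Detect", True, date(2024, 5, 28), True),
    Control("backup restore drill", "Data", "Recover", True, date(2024, 5, 20), True),
    Control("phishing simulation", "Human", "Measure", True, date(2024, 5, 10), True),
]

if __name__ == "__main__":
    gaps, weak = coverage_gaps(SAMPLE, TODAY)
    print(f"{len(gaps)} of {len(REALMS) * len(FUNCTIONS)} cells uncovered; checkbox-only: {weak}")
```

Run against a real control inventory, the `gaps` list is the set of realm/function combinations where the organization has no effective control, which is exactly where the holes the page warns about sit.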