Fostering a Special Care to Mission Critical Systems

Darren Death, Vice President of Information Security & CISO, ASRC Federal

Cybersecurity took a special place in the 2017 news cycle as organization after organization fell victim to cyberattacks. It used to be that you would have to break into an organization’s physical building to take their secrets. We now live in a time where your adversary can reach out from great distances, causing great harm to organizations that are unprepared.

Organizations must take special care when operating their mission critical systems, ensuring that they are properly protected. While this may seem like the time to start talking about shiny new cyber security tools, the reality is that the publicized breaches of 2017 were not highly advanced. These attacks took advantage of clear weaknesses in the victims’ information systems, resulting in great damage to their organizations.

First, rather than talking about the next shiny tools, organizations need to start a dialogue regarding their IT Hygiene. Typically, when you hear hygiene discussed from a technology perspective, it is presented as Cyber Hygiene. However, I think it is more correct to frame this conversation as IT Hygiene. As a Cyber Security professional and CISO, I am very interested in what an organization’s IT Hygiene is and what can be done to improve the hygiene level and subsequently protect the mission of an organization. In most cases, the team responsible for maintaining the configuration of an organization’s information system is not the Cyber Security team. Rather, it is typically the IT Operations team that maintains the configuration of the environment and will usually implement most of the settings related to IT Hygiene.

Why am I making a big deal about IT vs Cyber Hygiene? When an organization shifts the “keep the lights on” day-to-day maintenance and operational activities to a class of work called “Cyber” hygiene, there is a risk of the Ops team losing focus on those essential daily activities. Additionally, by referring to operation and maintenance activities as Cyber Hygiene activities, one runs the risk of them becoming security requirements that are not included in O&M scheduled tasks or, even worse, are only given attention when the Security team raises a problem.

Ultimately, success lies in treating your organization’s IT Hygiene as a team sport that requires both the Cyber and Operations sides of the technology organization to come together and solve these difficult technical challenges.

Below are some high-level thoughts that will get your organization well on the way to experiencing good IT Hygiene across your networks and information systems:

1. Inventory all devices, operating systems, and software on your organization’s network.
2. Develop and implement Secure Configuration for devices, operating systems and software.
3. Patch everything as often as you can.
4. Continuously test for vulnerabilities, prioritizing the most critical deficiencies for immediate remediation.
5. Limit administrative privileges to only the few individuals that require them.
6. Centralize and review audit logs and data from devices, operating systems and software.
7. Always back up your data.

This is by no means an exhaustive list of activities necessary to protect your environment. These activities are, however, some of the most important foundational items. If you are not implementing these basic foundational items, your enterprise may be on a very weak foundation, one moment away from being the next news story.
