While losing weight, finding a significant other or getting rich quick still probably top the list of New Year’s resolutions, IT leaders should consider a refresh of their cybersecurity strategy. Here are a few items to add to your New Year’s resolution planning for 2019:
● Agencies looking to scale digital government initiatives should align these initiatives with a solid and well-though-out cybersecurity strategy and program. This includes considering incorporating as-a-service models and more service oriented. Comprehensive planning means thinking about on-premise and cloud security as a complete lifecycle, rather than silos, to effectively define agency strategies for cybersecurity, cyber defense, and cyber resilience.
● Enhance the Chief Information Security Officer (CISO), Chief Digital Officer (CDO) and other key roles within the agency to be “mission and business leaders” accountable for mission outcomes with the associated metrics, based on security strategies implemented. More responsibility—and therefore accountability—should also be expected moving forward for these key roles. These roles should drive more collaboration across IT, including Network Operations Centers, Security Operation Centers, and Monitoring Operation Centers. Your security strategy should cut across all these areas and include the application and presentation layers of your technology landscape.
● Embrace innovation to take advantage of the latest techniques and tools to identity threats, monitor, and secure your data. Embrace innovation to use applied machine learning and deep learning to help predict threats and breaches and be prepared with quick remediation in the event of a breach. The ability to build prototypes can help introduce emerging cybersecurity, defense and resilience strategies quickly and relatively risk-free.
● If a breach does occur, ensure you have proper processes and procedures in place to mitigate risk. Develop sound defense and resilience approaches. Surprisingly, when asked what steps people would take to mitigate a breach, most people don’t have an answer. These days, there are a lot of reference frameworks that can be used as a standalone, complement to, or extension of a proprietary framework. Examples (according to MITRE Cyber Prep 2.0) include NIST Cybersecurity Framework (CSF), Federal Financial Institutions Examination Council (FFIEC) who developed a Cybersecurity Assessment Tool, the CERT Resilience Management Model and the DHS Cyber Resilience Review; and a variety of proprietary capability maturity models and frameworks.
● Work closely with teams immersed in emerging or emerged technologies to build and enhance the talent pool of cybersecurity resources in areas such as Hybrid Cloud, AI, IoT, Advanced Analytics, DevSecOps, and automation. Develop the knowledge to effectively work with managed security service providers and cybersecurity product vendor partners to ensure proper contractual expectations.
I am confident that if you tweak your New Year’s resolution a bit to add the above to your daily activities, it may not help you lose weight, but it may have other positive benefits to your heart health!
Resolve to a comprehensive cyber defense in 2019. Get Started Now!
Post Date: 1/9/2019