
The Path Ahead for Security Leaders


Academic year: 2021


Who Should Read This White Paper

» Board of Directors

» C-Suite

» CISO/CSOs

» Directors of Security

“By linking your identity to business value rather than limiting it to technology subject matter expertise, the security leaders of today can earn a strategic role on the executive teams of tomorrow.”

Executive Summary

If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations. However, with the increased spotlight on cybersecurity and its influence on business growth and strategy, the security leader role has rapidly evolved from an operational focus to a balance of assessing and influencing business strategy while maintaining a strong security posture.

In this white paper we will discover what the evolving path ahead for security leaders looks like, why communication from top to bottom matters, how proactive measures can stop threat actors from derailing businesses, and how building a security architecture that protects the most critical assets will support the overall goals of an organization.

What You Will Learn

» How successful security leaders must balance their focus on both business strategy and security operations.

» Proactive communication from top to bottom promotes clarity of goals and checks and balances across organizations.

» How proactive measures can stop threat actors earlier in the Kill Chain.

» Building a security architecture that supports the business starts with understanding what data is most critical.


Eyes on the Business: Proactive communication top to bottom

To successfully move into the future, security leaders will need to shift from a narrow focus on technology and solutions to a broader business focus by acquiring the skills necessary to communicate effectively with the executive team and board. They will also need to be adept at building the business case for security as a critical and integral component of business strategy. With the ability to approach security as a business challenge, rather than an IT mandate, security leaders can win alignment with business executives who relate to the business in terms of winning, retaining, and serving customers.

Any communications with the board should be packaged appropriately and transferred from the top down. Objectives and strategy articulated from the top help to drive clarity of goals and purpose on all levels. Allowing for open lines of communication both vertically and horizontally promotes checks and balances that enable all parties to be heard. As the ambassador between the board and the IT security practice, it is critical for the security leader to maintain the delicate balance of the technical security standards and the strategic business vision.

Gaining the respect of all parties from top to bottom requires the shift from reactive to proactive management. Organizational fire drills diminish confidence and cause anxiety across the organization on all levels. Ensuring that plans are in place, all personnel are trained, and communication has a cadence builds a framework which clears the clutter and opens the eyes and ears of the parties security leaders need to influence.

While the basis for cyber security is IT, the way in which it is perceived, respected and acted upon within the organization will increasingly rely on a security leader’s ability to tie it to business objectives and to enable the safe pursuit of those business objectives. The ability to do so relies on obtaining the resources necessary to approach security in three dimensions: with people, process and technology. These are the three legs of the stool at the core of security; without any one of them, the stool will break. People are both the strongest and weakest link in the security posture. Processes help to strengthen them and the technology supports their ability to resist threats and defend the organization when threat actors strike.

The Path Ahead for Security Leaders

As security becomes a business-critical issue in addition to an IT challenge, the role of the security leader is crossing traditional boundaries between day-to-day security operations into evaluating and implementing transformational business change.

Security leaders have a delicate balance ahead of them, staying technically focused while assessing the risk appetite of the company in relation to its business goals. The prevalence of high-profile breaches reported by media just last year has raised visibility and priorities related to security for organizations across industries, as well as with boards of directors.

The growth in cyber threats and the creative approaches to exploits require keeping your eyes on two key areas: the evolution of business goals and the ongoing IT security operations. The path ahead for security leaders merges the worlds of business strategy and security operations. This requires finesse, but when achieved can enable the effective development and line of communication required to transform a company. As security leaders manage to keep their eyes on both priorities, a platform for business growth is established with the backing of a solid security posture that mitigates risk.

Abnormal business churn rates over the past 3 years following a security breach: 2013: 2.8%; 2014: 3.3%; 2015: 3.4%.

Eyes on Security Operations: Security Posture, Visibility and the Kill Chain

Cyber criminals will never go away. They will continue to look for new ways to infiltrate systems and steal personal data. Keeping track of the latest threats, new pieces of malware, and latest compliance requirements will always be a key focus area for security leaders. Understanding that cyber criminals operate with processes and procedures similar to legitimate business entities is the first piece of the puzzle. The Kill Chain is a documented methodology that explains a threat actor’s process. Learning this process—even though each incident will have variables—enables security leaders to take a strategic approach to defend, resist, and respond to disrupt the threat actor’s progress toward acting on their objectives. Finally, the threat actor must be eradicated from your environment.

Understanding the process threat actors pursue allows security leaders to overlay security posture to stop the threat actor earlier in the Kill Chain. Developing this capability requires specific resources and activities, including:

• Identifying the critical information that’s at risk within your company, where it lives and who has access to it—including third parties

• Putting the right people, processes and technology in place to mount a defense

• Reacting swiftly to remove identified vulnerabilities

• Identifying threat actors, their capabilities and how they plan to exploit the company’s data

• Conducting continuous assessments of the environment to enable timely response and resistance

Figure 1: The Kill Chain with Security Posture Overlay

[Figure. Kill Chain stages shown: Target Defined, Recon, Development, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on Objective, Objective Met. Security posture overlay: Know your adversaries and their methods; Detect threat activity earlier in the kill chain; Disrupt the kill chain and stop the attack; Eradicate actor presence and remove the threat.]

“The growth in cyber threats and the creative approaches to exploits require keeping your eyes on two key areas: the evolution of business goals and the ongoing IT security operations.”


As you can see in Figure 1 above, knowing your adversaries and identifying what they’re after provides ample opportunity at the beginning of the Kill Chain to detect and disrupt threat actors earlier—before damage can be inflicted.

With the capabilities above in place, the security team is better able to understand the threat actors targeting the company, know what data they are after and how they may go after it. This insight can be used to detect activity earlier in the Kill Chain. The level of visibility into the operations and security of systems, networks, and assets is critical to the ability of the security team to detect threat activity—from both behind and in front of the firewall. Disrupting the threat actor earlier in the Kill Chain relies on this visibility, as well as the expertise deployed to monitor and address threats in real time.

Maintaining a reactive stance, rather than taking a proactive approach to security, is what causes organizations to find threats later in the Kill Chain. Being reactive wastes valuable time when organizations must scramble to bring in experts after the fact to determine root cause and eradicate the threat. A proactive and purposeful approach that provides visibility into security gaps will help eliminate the chaos that is the constant companion to a data breach.

Visibility across your environment requires understanding your network architecture. This also includes the architecture of your third-party partners. The relationship you establish with any external vendor must be structured and governed. Successful security leaders ensure that the relationship with the vendor is properly documented on the front end, above and beyond the necessary legal documentation.

In addition to keeping tabs on third parties, leveraging technology to provide automated insight into your network can help accelerate response capabilities when a breach occurs. Investing in capabilities that monitor networks and endpoints for signs of advanced threat actor activity can provide early detection or detailed information on the threat, allowing you to take actionable next steps toward containing and eradicating the threat actor.

A breach is a “when,” not “if” event. It is critical that security leaders have a documented security incident response plan in place detailing roles and responsibilities across the organization, and that the plan is tested regularly to ensure effectiveness. Once the attack has been verified and the root cause has been identified, security leaders will need to determine the most effective and expedient way to “break the Kill Chain,” or remediate the issue. This decision is not trivial and requires input from senior management, legal counsel, and, based on materiality, likely law enforcement, government, and the board of directors.

Building a Security Architecture that Supports the Business

While it’s true that the level of resources available for security architecture is often different based on the size of the company, this shouldn’t be the determining factor for how your organization approaches cyber security. Nor is it strategic to implement incremental security enhancements that don’t tackle the broader issues associated with the overall information security threat or business goals. As mentioned above, developing adequate security defenses is not solely about technology, but must include people and process.

Performing a risk assessment that determines which data is the most critical to sustaining your business model and then identifying the threat actors that are targeting your organization is the starting point. Many organizations pursue compliance as the path to security. This is a flawed assumption. A healthy number of the companies with breaches you see in the headlines meet compliancy requirements.

“Many organizations pursue compliance as the path to security. This is a flawed assumption. A healthy number of the companies with breaches you see in the headlines meet compliancy requirements.”

Once armed with knowledge about your key data and the threat actors that may target your organization, a security assessment can help to determine where vulnerabilities exist. Prioritizing those vulnerabilities based on an assessment of the organization’s risk appetite will help to determine the actions taken to mitigate the most pernicious risk. In addition, consider goals that security should produce, such as compliance, in order to develop a comprehensive and practical defense strategy.

Only with this information in hand can a security architecture that includes the appropriate people, technology and processes be designed specifically to protect the unique attributes of the business. Whether the organization is an SMB or enterprise, the priorities identified during these assessments will ensure that as the architecture is built, the choices made will evolve in a proactive approach to a strategic defense.

Conclusion

The Path Won’t Be Easy, but it Will Be Worthwhile

The security leader’s role is evolving. The skillsets needed are expanding to straddle both IT and the business. If you want to manage the whole strategy instead of taking the role of a technical expert brought in only to advise on technology, the time to start developing business acumen has arrived. Security leaders have the opportunity to establish business value by taking active roles in information management, risk management, brand protection, third-party relationship management, as well as to pursue roles other than those related strictly to technology. By linking your identity to business value rather than limiting it to technology subject matter expertise, the security leaders of today can earn a strategic role on the executive teams of tomorrow.

For more information, call (877) 838-7947 to speak to a Dell SecureWorks security specialist.

www.secureworks.com
