
5/16/2019 02:00 PM
Julian Waits
Commentary

The Data Problem in Security

CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.

Today's CIOs are the stewards of company data, responsible for its health and performance as well as maintenance of the availability, speed, and resiliency their stakeholders expect. CISOs, however, sometimes serve as emergency room doctors for their company's data. Their role is to think about worst-case scenarios, diagnose the severity of incidents, and jump in when incidents happen or are likely. Their first priority is to keep patients alive, but keeping them healthy is worth bonus points.

Like ER doctors, CISOs need rapid prioritization tied to the health of the business to effectively triage incidents. To establish each organization's guidelines around what data matters most, every CISO must consider reputation, resiliency, and regulatory impact.

Defining and Solving the Data Problem
A CISO must focus on business protection, cybersecurity breaches, and the role of data in their organization:

● Reputation: Which data loss would hurt the business's reputation and negatively impact a customer's or investor's confidence in the business?

● Resiliency: What data outage could cause business disruption, and could the business come back from the outage?

● Regulatory impact: What is the financial or legal liability?

With these themes in mind, the CISO's data problem is twofold: which data most needs to be protected, and what data is needed to monitor and diagnose an incident when protection fails?

The first step is for the CISO to get their arms around all the data that matters. These days, data ownership is often federated, so CISOs must team up with peers to get access and manage the overlapping ownerships. For example, the security team may have access to one body of data, whereas application teams have another. Lines-of-business leads would own their business data in SAP, for example, while the CIO would manage the infrastructure's operational data and maintain the health, performance, and security protection of SAP and the data it contains. Underscoring this business dynamic is the critical role that CISOs play: They need to ensure their peers have visibility into all business-critical data, and they need to ensure they have full access to this data and its supporting systems.

With the data in hand, the next step to solving their data problem is to examine tool sets and ensure they have maximum visibility. Today, environmental complexity is such that you may not know what it contains, making visibility difficult to achieve. Organizations have on-premises environments, workloads in multiple clouds, numerous purpose-built applications, Internet of Things devices, and more. When combined with organizational silos, shadow IT, rogue DevOps teams and business units driving "digital transformation" that put speed-to-market ahead of architectural elegance, efficiency, and application security, it becomes even clearer that the job of the CISO is getting harder every day.

Business Impact Analysis Best Practices
Forward-thinking CISOs lead their teams with the goal of protecting what matters most while maturing their security capabilities and posture. This begins with a business impact analysis that explores which applications and systems are most critical to provide the environmental visibility needed to enable effective data protection. In any organization, this task is daunting and time consuming; however, the larger the organization, the higher the risk and the reward. Both the CIO and CISO have much to gain by looking strategically at their organizations, aligning efforts, and improving the efficiency and effectiveness of their teams and technology.

With business impact in mind, CISOs can better drive security maturity and improve their cyber hygiene. This can start with simple but necessary activities like vulnerability identification and management, endpoint protection, or malware detection; even these activities can be prioritized by business impact and informed by a view of reputation, resiliency, and regulatory requirements.

Once CISOs have grasped the business impact of their data according to the three pillars, and have defined data boundaries, access, and the tool sets in use across the organization, it's time to review the tools' effectiveness and return on investment. Most CISOs know not all their tools are effective or delivering as promised; what's important is determining which tools are truly useful or necessary, and understanding the financial impact. This is also an opportunity for CIOs and CISOs to work together — there's limited technology budget to go around. If CIOs and CISOs can leverage system synergies on top of common data sets, and then further align systems with critical business units, then there is a huge opportunity to optimize spending, operations, and protection.

Emergencies Are Preventable with Primary Care
The constant specter of a serious data breach keeps many CISOs up at night. CISOs know how to handle emergencies, but like their ER counterparts, they'd prefer they never happened in the first place. The modern CISO needs to start with primary care — understand business impact, the effect of security incidents on reputation, resiliency, and regulation, and then address these needs with a robust security program aimed at mature cyber hygiene.


Julian Waits has 30-plus years in senior leadership roles at technology companies, specializing in security, risk and threat detection. He serves on several industry boards, including ICMCP and NICE, promoting development of the next generation of cyber security ...