Consider the analogy of personal health: being aware of our health parameters, the possible threats to our health and their causes, and our surrounding environment lets us plan better preventive steps to withstand various diseases, and gives us the ability to bounce back when something difficult happens in our life. We accordingly adjust our lifestyle habits and look after our physical and mental health so that we can cope with adversity.
In my view, organizations need to adopt a similar approach: first gain better awareness of themselves, then adjust their defenses and preparedness to withstand ever-growing cyber-attacks. An organization can begin by answering the following five key questions, followed by a quick Cyber Health Check to establish the “As-Is” status and develop a roadmap towards becoming cyber resilient.
- Does the organization know its critical services, operating environment, and supporting assets?
- Does the organization know which assets to protect and the priority of protection?
- Does the organization know its crown jewels and where they are?
- Does the organization know the threats to its assets and its weaknesses?
- Does the organization know its top risks?
If an organization can answer these questions objectively and substantiate the answers with supporting data, it has taken the most important step towards becoming cyber healthy and cyber resilient.
While improving awareness seems like common sense and a trivial activity, it is the most neglected one in organizations, and the result is inadequate safeguarding and poor risk management.
So, how do we achieve this foundational aim of “Being Aware”?
In my view, the first important step is to know your operating environment and assets, centralize this information in an organizational inventory, and institutionalize the inventorying process so that changes are captured. The following approach may help to achieve this objective.
- Start by identifying your critical business services and support services, and map them down to the underlying supporting assets (applications, hardware, software, information, people, and facilities).
- Draw the linkage from these services to the underlying supporting assets and locate where those assets are.
- Use service and asset discovery tools to establish the linkage and feed asset and environment details into an organizational asset database such as a CMDB. Perform a combination of active discovery (scanning) and passive discovery (observing traffic, DHCP leases and authentication logs) to identify both managed and unmanaged assets: an active scan misses hosts that are firewalled or offline at scan time, and passive observation misses hosts that are silent, so neither is sufficient on its own.
- Perform discovery of your digital assets (external websites and web services, enterprise social media presence, mobile applications and app-store listings, external information-sharing mechanisms) and establish your digital footprint.
- Investigate unmanaged assets; bring them into the organizational inventory if they are found to be legitimate, otherwise detach them from the network.
The second important step is to determine ownership of the assets and classify them by their business value to the organization. Based on that value, determine each asset's protection and sustenance requirements.
Then, from this set of assets, identify your crown jewels: the critical and sensitive assets. Having narrowed down to this set, determine where these assets are throughout their lifecycle and which hands they pass through along the way.
The next step is to know the threats to these assets and their weaknesses, adopting the following practices to improve situational awareness:
- Perform threat modeling for the identified services and assets and arrive at your threat profile.
- Create use cases to monitor these threats, drawing on internal and external intelligence.
- Use operational monitoring systems and the probes deployed at the network and endpoint level for internal intelligence.
- Subscribe to external threat intelligence (open-source and commercial feeds, external risk-monitoring agencies, independent security advisories, vendor security alerts, CERT security alerts) and contextualize it for your environment: a feed entry matters only if it touches a product, version or exposure you actually have.
- Know your weaknesses by running regular vulnerability scans and configuration checks of your assets, and feed these weaknesses into your continuous security monitoring system for correlation with the threats.
- Configure correlation rules in your continuous security monitoring system to detect the identified threat use cases by correlating known threats (from internal and external feeds) with known weaknesses.
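To make the correlation step concrete, here is an added Python example (not from the article, and not TCS code) that ties the inventory step to this one: it reconciles active and passive discovery results against a CMDB extract to surface unmanaged and stale assets, then scores each vulnerability finding by the asset's business criticality and by whether the external feed reports the weakness as actively exploited. All of the data (IP addresses, owners, CVSS values, the feed) is constructed for illustration; the CVE identifiers are placeholders, not real vulnerabilities; and the scoring formula and the default criticality for unmanaged hosts are assumptions chosen for the example, not a standard.

```python
"""Correlate asset inventory, discovery results, vulnerability findings and
threat intelligence. Added example; every record below is constructed and
the CVE identifiers are placeholders, not real vulnerabilities."""
from typing import Dict, List, Set

# Constructed CMDB extract: ip -> service, business criticality (1-5), owner.
CMDB: Dict[str, dict] = {
    "10.0.1.10": {"service": "online-banking", "criticality": 5, "owner": "payments-team"},
    "10.0.1.20": {"service": "intranet-wiki", "criticality": 2, "owner": "it-ops"},
    "10.0.2.5": {"service": "hr-portal", "criticality": 4, "owner": "hr-it"},
    "10.0.9.9": {"service": "legacy-reporting", "criticality": 3, "owner": "finance-it"},
}

# Constructed discovery output. The active scan misses 10.0.2.5 (firewalled);
# passive observation (DHCP leases / flow logs) catches it, plus two unknown hosts.
ACTIVE_SCAN = ["10.0.1.10", "10.0.1.20", "10.0.3.77"]
PASSIVE_OBS = ["10.0.1.10", "10.0.2.5", "10.0.3.77", "10.0.3.91"]

# Constructed vulnerability scan findings (placeholder CVE ids, hypothetical CVSS).
FINDINGS = [
    {"ip": "10.0.1.10", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"ip": "10.0.1.20", "cve": "CVE-0000-0002", "cvss": 7.5},
    {"ip": "10.0.2.5", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"ip": "10.0.3.77", "cve": "CVE-0000-0003", "cvss": 5.3},
]

# Constructed external threat feed: CVEs reported as actively exploited.
THREAT_FEED: Set[str] = {"CVE-0000-0001"}

# Assumed criticality for a host that is not in the CMDB: conservative, because
# nobody has yet assessed its business value (the "investigate" case above).
UNMANAGED_DEFAULT_CRITICALITY = 4


def reconcile_discovery(active: List[str], passive: List[str],
                        cmdb: Dict[str, dict]) -> Dict[str, Set[str]]:
    """Merge active and passive discovery and compare with the inventory.

    managed:   discovered hosts that the CMDB knows about
    unmanaged: discovered hosts absent from the CMDB (investigate or detach)
    stale:     CMDB entries that neither discovery method saw (inventory drift)
    """
    discovered = set(active) | set(passive)
    known = set(cmdb)
    return {
        "managed": discovered & known,
        "unmanaged": discovered - known,
        "stale": known - discovered,
    }


def score_finding(finding: dict, cmdb: Dict[str, dict], feed: Set[str]) -> dict:
    """Score one weakness in context: severity x asset value x threat activity.

    The formula is an assumption for this example, not a standard.
    """
    entry = cmdb.get(finding["ip"])
    tags = []
    if entry is None:
        criticality = UNMANAGED_DEFAULT_CRITICALITY
        owner = "unassigned"
        tags.append("unmanaged")
    else:
        criticality = entry["criticality"]
        owner = entry["owner"]
    multiplier = 1
    if finding["cve"] in feed:
        multiplier = 2  # weakness already being exploited in the wild
        tags.append("actively-exploited")
    return {
        "ip": finding["ip"],
        "cve": finding["cve"],
        "owner": owner,
        "score": round(finding["cvss"] * criticality * multiplier, 1),
        "tags": tags,
    }


def prioritize(findings: List[dict], cmdb: Dict[str, dict], feed: Set[str]) -> List[dict]:
    """Return all findings scored and sorted, highest risk first."""
    scored = [score_finding(f, cmdb, feed) for f in findings]
    return sorted(scored, key=lambda s: (-s["score"], s["ip"]))


if __name__ == "__main__":
    inventory = reconcile_discovery(ACTIVE_SCAN, PASSIVE_OBS, CMDB)
    for label in ("unmanaged", "stale"):
        print(f"{label}: {sorted(inventory[label])}")
    for row in prioritize(FINDINGS, CMDB, THREAT_FEED):
        print(f"{row['score']:6.1f}  {row['ip']:<10} {row['cve']}  "
              f"owner={row['owner']}  {','.join(row['tags'])}")
```

Two things the output shows that the scan report alone does not: the same placeholder CVE on the banking host ranks far above the identical CVE on the HR portal purely because of the criticality recorded in the CMDB, and the unmanaged host 10.0.3.77 with a medium-severity finding ranks above the managed wiki with a high-severity one, which is exactly why unmanaged assets are investigated first rather than ignored. Swap the constructed dictionaries for exports from your CMDB, scanner and feed to use the same logic on real data.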
Once the threats and weaknesses are known, start determining the risks to the organization and managing them. Once you are “Risk Aware”, assess the adequacy of current controls and identify where additional controls are needed to mitigate the risks.
While “Being Aware” is the first step, leveraging this knowledge in context to improve your prevention, detection and response capabilities is the next step towards achieving cyber resilience.
Authored By - Prashant Deo
TCS Enterprise Security and Risk Management