Previously, I discussed an experience where I found a firewall that was accidently configured in the wrong direction, letting unprotected outside internet traffic into the company’s network (https://www.bizzsecure.com/cyber-attacks-most-common-cause/). This leads me to one of the better best practices I can provide.
One of the bigger challenges in preventing cyber attacks is validating the implementation work completed by the IT team against the requests of the Information Security (InfoSec) team. This is also called connecting the dots between InfoSec directives and IT implementation. This is not a fault directed at either team.
InfoSec requests are currently viewed as a show stopper for the IT team who must stop all their regular work to address the InfoSec teams’ priorities and ensure compliance. Most members of the IT team do not have extensive InfoSec training, and likewise the InfoSec team has little experience at the IT level, which makes it difficult to validate the work done by IT against the request from the InfoSec team.
The best way to connect the dots is to empower the InfoSec team with IT expertise to ensure that the complete and correct picture is available to the InfoSec team as they build their requests and validate the work. With this knowledge, the InfoSec team will be able to validate security design projects and certify correct maintenance policies and procedures. When the dots are connected, and the teams have the appropriate resources available, dependable InfoSec can be achieved.
Stay tuned for more experiences and best practices that should help you avoid unwanted access to your company’s information.