Almost every enterprise aspires to use technology for integrating information, achieving process efficiencies and transforming service delivery into a paragon of effectiveness. Organizational leaders should manage innovation by creating processes that sustain or increase business performance and growth. If properly integrated, among other benefits, information technology can provide a competitive advantage for innovative products and services. Nonetheless, there is a need for innovation governance to ensure IT is achieving management’s objectives.
When developing an information security architecture framework in a new organization, there are a few steps that normally have to be taken to identify the business requirements, the right framework and the controls needed to mitigate/minimize business risk. In my Journal article, I explained the process of how this works.
Once the controls are identified, it is time to create projects and implement them. This might not be a big issue when dealing with a mature company that already has many controls in place and only needs a few additions. However, this could be challenging when the number of projects and controls increases. The question is how to prioritize these projects and controls and implement the most important ones first.
The first step is always the hardest. If your organization lacks adequate cybersecurity intelligence processes and you are looking for a quick win solution, we are here to assist. We have compiled a complementary list of cyberthreat intelligence sources that yield positive results from some of the most notable cybersecurity companies available on the Internet.
The first step is to automate the data mining processes from these websites. Therefore, we highly recommend that organizations invest in programming a crawling process using Python or, if available, set up a communication line between your database and the source by using an application programming interface (API). Furthermore, we advise you to contact your required sources, whether that be a security company or an indicators of compromise (IOC) provider, for additional information regarding their services and the best methods to consume them.
Information security professionals should start considering cryptographic approaches to protect enterprise data and mitigate database breaches. System security in layers provides an approach for many organizations today. However, these approaches depend on human factors. Cryptographic measures ensure that databases are protected even if a database is stolen or there is an insider attack.
Professionals need to start today by evaluating and building cryptographically secure databases. By starting now, professionals will be able to accurately assess the impact, development requirement, operational support and costs. Then, an accurate model can be shared with management to deploy into the enterprise environment.
We live in an age where a tremendous amount of information is shared freely on the Internet, and, in many cases, with little regard for the consequences. In some cases, we do not even recognize sensitive or confidential information, which can come in many forms and exists in every organization. The loss or exposure of this data can affect people, their families, their well-being (e.g., healthcare), the organization and, in some instances, the country.
It is because of these concerns that I wrote my recent Journal article. The article begins with an identification of the types of data that need protection and where they are located. From there, it goes on to provide examples of threats, the associated risk factors and the causes of data loss. These areas are presented as an awareness and training outline for all organizations to improve their in-house rules of behavior, security and privacy training programs, and internal data protective procedures.