22 November 2020

CyberCom: Real-time Situational Awareness...

The Operational Risks to your enterprise that are associated with your digital assets, networks and infrastructure are vast.

What is your organizations exposure today?

The amount of daily "Cyber Intelligence" flowing into the organization is growing exponentially and there are few hours in the day to analyze it. You have invested hundreds of thousands if not millions on cyber security to keep your corporate systems protected and ready for any significant business disruptions.

Electronic Stored Information (ESI) is continuously being discussed at the Board of Directors meetings. Data Breach Notification Laws are being amended and the congressional pipeline for privacy and cyber laws is in full swing in the United States.

The Fortune 500 is already paying for "White Hat" hackers to test their online and data security. The only way to continuously determine the effectiveness of risk management controls, is to continuously test them in a lab or scenario environment.

This "Red Cell" approach to attacking the corporate assets from the "inside out" or the "outside in" provides the intelligence necessary to close the gaps and vulnerabilities. These penetration or vulnerability tests are necessary and the ecosystem of companies of sources and methods is expansive.

A Fortune 500 organization may currently subscribe to annual services that provide the intelligence that gives them an alert of a "Red Flag" in their security landscape.

The company that provides the intelligence is paying a substantial fee to a network of sophisticated professionals to exploit the vulnerabilities in software coding. Namely, the design, configuration or implementation of a complex set of technologies to determine where and how these vulnerabilities may pose a threat to your assets.

The model for Enterprise OPS Risk Management in the most savvy and enlightened critical infrastructure dependent organizations realize that cyber security is not a department or a unit at the company.

It remains a horizontal platform on which all business units and the departments of the organization rest and it's pervasive mechanisms for the security and safety of people, processes, systems and external events must operate 24 X 7 X 365.

Our future is about "Defend Forward" or an "Real-Time Situational Awareness" strategy.

"The “defend forward” concept outlined in the DoD’s 2018 cyber strategy charges Cyber Command to get as close to adversaries in networks outside the United States before they reach the nation. The command uses its authorities to operate in networks abroad to discover malware and enemy tactics that could be used against the American people or election infrastructure.

The command can either share that with relevant partners — such as the Department of Homeland Security, the FBI or private companies — so they can take necessary measures, or the command can unilaterally take action thwart malicious activities before they impact American networks."

The public and the consumer are becoming used to the fact, that the challenge continues to be an iterative process and worthy of some levels of patience. 

"Operational Risk Management (ORM) is not about eliminating all threats to the enterprise. It is about the speed and accuracy of understanding the current levels and threat vectors so you can effectively deter, detect, defend and document."

This "4D" approach to risk management in the rapidly changing, digitally mobile organization of 2020 and beyond is a shift away from pure information security thinking that is housed within the Information Technology Department...

No comments:

Post a Comment