Trust is at the core of Integris Security LLC
Integris Security LLC, with the help of some of our friends from the NY InfraGard Thursday Conference Call, came up with some great resources which you should become familiar with. We also discussed ISO 27001 at some length. It was the conclusion of the callers that the ISO standards are written to be very broad and do not focus the security professional on what needs to be done with any given priority. The ISO standard could lead you down an unfocused road without clear priorities about what is really important for your organization.
Here are some focused security and risk management resources:
- Security Affairs Blog Post
- NIST Cyber Framework
- Council on Cyber Security
- Tripwire Executive Guide Top 20 Security Controls
Security professionals need to have a full understanding of the environment which they are securing. These men and women need to be able to explain to others why we need this control, that defensive tool, etc. The security professional needs to be intimately involved with the infrastructure and provide a solid understanding of every facet of the operation. This work takes dedication - endless time and energy that becomes the life and work product of a CSO/CISO.
CSOs and CISOs would do well to build a set of books documenting the environment that they have been hired to protect. These books should be organized around the SANS twenty controls. Each control should be explained in detail, and a record of each examination clearly maintained, so that each fresh security face looking at the systems will not have to hunt for the documentation. This is part of your audit trail.
Why SANS? The SANS organization has distinguished itself as an expensive but outstanding security organization from which excellence is derived. The SANS top 20 security controls are maintained and updated so that security professionals can be assured they are addressing the top known threats.
How can a true security professional even begin to contemplate securing an organization's assets without knowing the environment inside and out? It is impossible. If your organization needs assistance in understanding these and other security issues, give Integris Security a call and let's get started today.