Technology Made Simple
Sunday August 1st 2021

Q&A Monday: Starting a Cyber Security Program

Question:

I work for a small company and my boss recently tasked me to start to strengthen our defenses against a cyber attack, but I’m not a security expert, whats the best way to plan this out before I get started.

Oda Cox
Norway

Answer:

Thanks for the question, I’m glad you kept it at planning level because it’s not something that you can do quickly, it’s a process that never ends. One of the places to start you planning is to (if you don’t already have it), draw out your attack surfaces. The systems and hardware that are externally available. You’ll can’t start the planning process or even the process of prioritizing the work without getting a view of your attack surfaces.

Once you have your attack surface mapped out, then make sure you scan your systems to find the vulnerabilities in those systems. Once you know your attack surface and the vulnerabilities, then you need to sort those vulnerabilities from the most significant to the least and this will let you know what order you need to plan these systems. I’m sure business priorities and processes will play into the planning phase, where you might have to wait to take down some serious vulnerabilities if it’s part of a major system.

While you are working on the vulnerabilities, the best thing to do, is work on improvements (or implementation) to your security practices and policies. One practice, that’s easy to do, hard to implement if you don’t currently have it, is a strong patching plan. Another good practice to get in the habit of, is testing your backups…if you backup and don’t test..then you really don’t know if you need it…if it will work. If you can, make sure that you segment your network where you can, stay away from flat network designs.

If you aren’t already doing it, or have the software, get a monitoring system. In the event someone does breach you systems, without a monitoring system (like a SIEM), you wont be able to tell. This is also amazing at helping to see what is being changed in your environment.

With monitoring, should come the testing of systems. You should get some penetration testing software to test your systems. This goes hand in hand with the monitoring, since you should be able to see the testing in the logs. If you don’t, means you need to retool your monitoring systems. Penetration tools, will give you feed back that you can use to fill back in your vulnerability list.

Once you are comfortable with these systems in place (as I mentioned its an ongoing process), and you can convince your higher ups, hiring an auditing company to audit your processes and systems is a great idea. Even the best security professionals need a second set of eyes to make sure they didn’t miss something. Tunnel vision often happens and the report at the end will help you guide the security program forward.

——————————————————————————————–
If  you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question.  Check back every Monday for a new Question and Answer session, and check back Wednesday and Friday for other technical insights.

Leave a Reply