The Silver Bullet of Cyber Security v1.1
Many would argue: “There is NO Silver Bullet” to prevent a cyber-attack. While this is fundamentally correct, there are a
few basic items that are routinely overlooked by executives who fail to address their company’s vulnerabilities.
How many times have you heard: “If you fail to plan, you plan to fail…”? Countless, no doubt.
Do you store sensitive data at rest on your computers?
How many databases or files do you have that contain sensitive data? PII, PHI, or data regulated under HIPAA, GLBA, FERPA, et al.?
Do you know which data is encrypted? Are you sure?
Do you know where each of these data items is located?
When was the last time each was backed up?
Where is the backup stored?
Have you tested your backup to be sure that you can restore it? (Part of your Resiliency capability…)
Are your access/event log files stored in a manner which prevents a hacker from destroying them?
What would happen to your business if hackers broke into your systems and stole your sensitive data… or
encrypted it so you could not use it?
Even though your data may be stored “in the cloud”, you may still be liable in a data breach.
1. Retain the services of a Cyber Security Consultant to help you navigate through the process of a S.W.O.T.
Analysis (Strengths, Weaknesses, Opportunities, Threats) of your individual IT environment. Every company is
different. Although there may be similarities within an industry, each company’s configuration is unique.
2. Be PRO-Active, not RE-Active. Select a Cyber Security Incident Response Team BEFORE an attack occurs.
3. Purchase a Cyber Liability Insurance Policy from a seasoned Cyber Liability Casualty professional.
4. With the help of your Cyber Security Consultant, lay out a Cyber Liability Incident Response Plan. Involve ALL
members of the CSIR Team, including the Cyber Liability Insurance Company your team has selected.
5. Map out a data-flow of where business critical information exists (resides) within your organization.
6. Do you have any Intellectual Property within your company that is critical to the ongoing or future operation of
your business?
7. Implement a Backup & Disaster Recovery Plan (different from a Data Loss Prevention Plan). You MUST have
the ability to recover your key systems and information assets for your business. Should you fail to do this single
step, you may not be able to recover in the event of a cyber-attack.
8. Implement a Vulnerability Assessment & Remediation program on your IP connected network components.
Follow this with a Penetration testing and employee phishing awareness program that pushes the cyber-warfare
theme “Cyber Security-Everyone’s Responsibility”. Be aware that there are Internal Network Components and
External User Components to be considered in each configuration. Don’t just be concerned with the Internal
Network Components. A hacker can easily implement a Man-In-The-Middle Attack and compromise your
systems.
9. Continually Test / Review & Revise your Cyber Security Incident Response Plan (Monthly / Quarterly).
10. Join one of the FBI’s Awareness programs: InfraGard for I.T. professionals and DSAC for Executive
Management personnel. www.InfraGard.org or www.DSAC.gov
While the above is not a complete list, it is a start… (A journey begins with the first step…) Good Luck in your efforts.
William “Bill” Kiss is the CEO of Global 1 Research & Development, Ltd. More info can be found at www.BillKiss.com
Copyright © 2016, Global 1 Research & Development, Ltd. All Rights Reserved