As I noted in my previous article, companies should use foundational controls to assure integrity of their software and critical data – doing so can help prevent many data breaches and security incidents from occurring in the first place.
That’s not all that integrity driven by foundational controls can accomplish. Here are two more benefits organizations can enjoy when they give integrity the attention it deserves:
Integrity Connects Security and Operations
Security and operations personnel have different priorities. The former care about confidentiality, or the need to protect critical information in valued systems. Meanwhile, the latter cares about availability and uptime, all in an effort to keep those systems running.
Fortunately for companies, integrity connects operations and security together. It does so via foundational controls, security measures which both address vulnerabilities and changes that commonly cause downtime as well as reduce the attack surface that can lead to system compromise.
As a result, integrity can help both groups ensure that critical systems operate continuously in a known and trusted state.
Integrity Can Help Companies Address Security and Compliance
Enterprises commonly use frameworks to address their security and compliance needs with NIST, CIS, PCI, NERC, GDPR, and other standards. What they don’t know is that many of those frameworks focus on foundational controls that drive integrity.
For example, the first six of the Center for Internet Security’s (CIS) critical security controls (CSCs) can help an organization prevent incidents and reduce risk; five of those six measures align with integrity management as I’ve described it.
By implementing these tools first, an organization can prevent a majority of breaches, achieve compliance, and pass its regulatory audits.
Going the Distance
Many organizations do have at least some foundational controls in place but don’t go far enough with their implementation. These enterprises frequently (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Chris Fisher. Read the original post at: The State of Security