One of the few constants in life is change. It’s the same with cybersecurity. There are different types of changes to consider:
- Changes that we accept
- Changes that are good
- Changes that are bad
A lot of changes in our everyday life are out of our control. It can be hard to discover, monitor and even react to change. However, when it comes to change in the world of cybersecurity, it is possible to manage that change in a way that has a positive impact on our business.
Change is a leading indicator that your systems are becoming vulnerable to exploitation; therefore, monitoring changes to your systems is critical. But where do organizations start, and how do they know what is important?
- An easily understood series of steps. A recipe. A playbook. Call it what you want, but it needs to be repeatable and not overly complicated. Make sure to build in an emergency break/fix plan, as well.
- An effective system of record that is accessible. Something automated is preferable, but again, a spreadsheet on a SharePoint server is better than nothing at all. It also certainly beats shouting across the cubicles: “HEY, I’M ABOUT TO MAKE SOME CHANGES TO THAT SERVER!”
- Identify who the stakeholders are. There should be a mix of technical and non-technical folks involved who have a vested interest in the process. Segregation of duties will be a key component here. The folks making the changes should not be the ones approving them.
- Reporting is a huge issue. Not just deep detailed byte-level changes, mind you. No business unit owner will understand that. This is why service-level reporting is (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Pinckard. Read the original post at: https://www.tripwire.com/state-of-security/incident-detection/change-inevitable-tripwire-file-analyzer/