Creating a Framework for Continuous Improvement in Cybersecurity: Part Three in a Three-Part Series on Navigating Change in Cybersecurity
Innovative technology meeting talented people is the crossroads of success for a cybersecurity organization. Cybersecurity is not just about the next visionary, next best tool, best leadership team, talented staff, or proper funding. It’s about a synergy of all of those elements. Incidents in today’s world may be viewed as inevitable, but one of the most critical decisions an organization must make is not just about the security tools they have purchased and implemented, but the security personnel and services entrusted to secure the environment.
In the first two blog posts in this series, “Raising the IQ of Cybersecurity” and “Harnessing the Power of Machine Learning and Automation in Cybersecurity,” we discussed how CVP’s “Predict. Prevent. Protect.” model and our intelligence-driven approach to automation and machine learning provide organizations with the tools and technology needed to create their cybersecurity programs. But how do we make sure that those tools are implemented within day-to-day operations? How can organizations create a framework for continuous improvement so that they can continue to adapt to change from both a technological and organizational perspective? There are three specific ways CVP helps organizations improve communication and workflow while creating opportunities for continuous improvement.
1. Enhancing Communication with ChatOps
The adoption of ChatOps provides a platform for conversation-driven investigation, bringing together security personnel, security tools, chatbots, and incident response workflows in the same communication channel to further streamline processes and expand situational awareness. Want to know how many assets have been identified as infected by an Indicator of Compromise? Simply type in the chat box and ask the tool. Those entering into the incident pipeline after the fact will be able to scroll back through the chat channel and see this critical information. But don’t worry about having to ask all the time; the tools will also “talk” to security personnel in the channel at defined execution points.
2. Saving Time and Money Through Automated Security Assessment
The CVP automated security assessment approach uses orchestrated workflows to provide continuously visible and measurable tracking of all security assessment activities. Detailed reporting provides metric measurement and dashboarding with the ability to drill down into specific tasks inside of the workflow. The overall automation saves organizations money by reducing the amount of time system staff spends supporting the assessment through data pulls, system walkthroughs, or interviews.
The workflows automatically test controls based on the security categorization, ensuring that only the security controls applicable to the system’s confidentiality, integrity, and availability ratings are assessed. Testing is accomplished through a combination of both automated and integrated tools and scripts that return results for machine-based analysis and compilation. In the event a manual check (e.g., interview) is required to fulfill the control/task, the tool automatically assigns the task to the appropriate security assessor to fulfill the required manual steps, including the assessor’s notification of control/task completion back to the tool.
Throughout the workflow, the tool automatically tracks the completion of the manual tasks, providing automatic reminder alerts at defined times until tasks are completed. At the end of all tasks, results are output in the Agency’s format. Additionally, the tool automatically executes reassessment activities at the required timelines, making missed start dates an ancient practice. Prior to the execution of any security assessment activities, the tool provides notifications to system and security personnel at established timelines, ensuring any potential system impacts and requests for delays are addressed directly within the tool.
Additionally, security assessment information is readily available and automatically attached to security incidents during investigations. At the end of a confirmed incident, the tool automatically triggers an assessment of the affected systems, providing an updated risk picture. This dynamic, refined CVP approach decreases the time required to complete a security assessment from weeks to days and integrates both security operations and risk management activities.
3. Ensuring Continuous Improvement with the Cyber Delivery Range
CVP’s cybersecurity practice wasn’t complete without the implementation of our Cyber Delivery Range. The ‘range’ is far more than just a lab. It’s a dynamic environment available to our clients for cybersecurity services, such as threat intelligence, malware processing, and reverse engineering. Additionally, cybersecurity tools are continually assessed to provide a framework for recommendations. When asked by a client how one tool differs from another, CVP’s cybersecurity experts are unilaterally trusted because they have both seen and experienced the tools and can make knowledgeable recommendations. Lastly, the ‘range’ provides a training and event center for both our employees and clients in which to learn, demonstrate proficiency, and engage security tools, playbooks, and processes, creating an educated workforce that comes to work ready, willing, and able to exceed the standard.
Security, trust, and privacy are all at risk and are all vital and intertwined from a cybersecurity perspective. Cybersecurity organizations are, at their core, customer service entities designed to protect data, people, and assets while ensuring the organizational business seamlessly operates to provide a better overall experience. Today’s digital world has forced a realignment to not just look at how cybersecurity is viewed in the future, but how an organization will view its success today.