It is an accepted axiom of life in the 21st century that we live in an online and interconnected world. Technology is pervasive, and access to the internet and e-mail, whether from PCs, tablets, or smart phones, is almost a necessity of modern life. Although online access makes obtaining and sharing information much easier and more convenient, it also increases the risk that your sensitive data and information could be compromised (i.e., hacked) by outsiders.
To reduce this risk, a firm or organization can implement or develop certain policies and procedures that can better protect the IT environment from external vulnerabilities or cyber risks. The following steps, which are not all-inclusive, can be considered to help implement a more secure online environment and reduce any IT vulnerability or cyber security risks:
- The use of passwords is one of the most basic countermeasures used to secure access to computer systems and information. As a result, passwords should be well thought out and should never be written down. It is also a best practice that passwords be changed on a periodic basis, meet a minimum length, and offer some type of complexity (i.e., combination of letters, numbers, or special characters) so that passwords are more difficult to breach. In addition, default passwords that are shipped with most software packages should be changed once the software has been installed.
- There needs to be a formal configuration and change management process to authorize, track, test, and implement any changes to the IT environment. Since changes may affect the security of the systems, it is imperative that changes be applied in a controlled and well thought out manner.
- A firewall should be used to protect access from your internal network to the internet. In addition, the firewall must be monitored so that if any inappropriate access does occur, it can be detected and the appropriate actions taken to resolve the issue.
- IT systems and applications evolve over time in the form of upgrades and patches that need to be applied in order to address operational and security concerns. It is important that the systems and applications in your organization be kept up-to-date in order to mitigate any potential security threats.
- Perform vulnerability scans of your internal and external (web facing) systems. A vulnerability scan is performed by using specialized software tools that examine your systems and report any issues or problems that they identify as requiring remediation or attention.
- User access rights should also be reviewed periodically. As users are added and removed from the systems, and access rights are modified over time, user entitlements and system access rights often get overextended. Since these overextended access rights can sometimes be used to exploit the systems, it is important that these rights be reviewed on a periodic basis so that access rights can be properly adjusted and restricted, if necessary, to reflect the proper level of system access for each user.
- Remote access to the IT environment should be closely monitored, especially for third-party or vendor access to your systems environment. Many well-known security breaches have originated from third parties who were given access to a client/customer system through remote access. Since any security system is only as good as its weakest link, and remote access is often the weakest link, it is imperative that you monitor and control remote access to your systems at all times.
- Any sensitive data should be encrypted when it is stored. In the event of a breach, the data would then be unreadable and not easily accessible. This significantly reduces the risk that any unauthorized access could compromise or obtain sensitive data.
- Develop an organizational information security policy that details the organization’s approach to information security and details what is expected from each person as it relates to information security. The communication of basic information security concepts adopted by the organization to its employees can have a dramatic effect on reducing IT security-related incidents.
- Develop an incident response plan in the event that a breach or incident does occur. The best defense is a good offense. If you wait until an incident does occur, the response may not be well thought out and may not sufficiently mitigate or resolve the incident.
Additional, more detailed, information can be found in the Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology.