How Information Security Breaks The Classic IT Model

by ITECHNEWS
June 27, 2022
in Leading Stories, Opinion

As many of us who have worked in IT know, this is not an uncommon reality. Business takes a downturn and out comes the “peanut butter knife,” with finance about to spread the budget cuts evenly across all departments without much regard for longer-term implications. Within IT, of course, this becomes an even more complex problem.

Going Public With Financial News Also Draws More Attention From Hacker Community

Hackers and cyber criminals also read the news. They know which organizations have financial setbacks. Many hacker groups will even use social engineering to find out whether anyone in IT or SecOps knows if any layoffs are coming. If an organization announces any change in its financial condition, it should expect an increase in attack vectors, coordinated attacks against its systems, and cybersecurity attacks against its employees.

Cost of Breach Could Be Greater Than The Expected Cost Savings

IBM’s annual Cost of a Data Breach study revealed a single data breach could cost a company up to $3.29 million, a 12 percent increase from the cost of violations from the previous year. That $3.29 million, even with cyber insurance, is still a significant hit to the organization’s bottom line. The CISO should be the ultimate authority when reducing cybersecurity operations, personnel, and budgets. If the CEO requires a 20% reduction across the whole organization, reducing security only puts the company at risk of a breach that could be far more financially impactful than a drop in sales.

Considering the cost of a breach for a moment, the need for a transformation model makes more sense than we realize.

Technology Producers and Corporate Consumers

As a technology sales professional for almost 26 years, I have found that the fastest way to close a deal is to find a way to attach your product or service to a group within the client’s organization with the need, budget, and relevancy. Will your solution solve their business problem while staying within the budget allocated for the specific project? Is this project as top of mind with the CIO as it is with the business group requesting your solution? What is the risk to the corporate consumer if the platform has several potential vulnerabilities and exploits? Does the technology producer have the needed resources to sustain operational technology expectations even during budget cuts?

In simple terms, we define the business group as the “consumer” of the technology and IT as the “producer.” One group consumes the technology while the other one is the enabler. A company with 4000 employees needs centralized content management, a supply chain portal, and a sales/commission system. IT works with technology providers to develop the platform and enable the consumers to leverage it to solve their business needs.

Based on the CEO/CIO dialog, if the company has mandated a reduction of its expenses and headcount, then reducing the number of licenses by 20% would meet this budget reduction requirement.

How does information security fit into the producer/consumer model? In some cases, information security does fit into it, in several ways:

  • a. The number of consumers requiring multi-factor authentication for zero-trust access
  • b. The number of endpoints required to have EDR/XDR security
  • c. The number of users required to receive patch and service pack updates
  • d. The number of endpoints that require backup for compliance

These areas of information security align well with the 20% reduction requirement.

However, what about the rest of the information security capabilities? This is where the dialog about redefining information security as a utility for the corporation, and not a member of the IT department, begins to make more sense.

Information Security as a Utility

IT and building maintenance focus on ensuring everything is working and ready for use, whether the HVAC system or network infrastructure. When a corporation decides to locate its new office in a new city, facilities works with the leaders to define the size of the business, the power/cooling requirement, the number of parking spots, etc.

Once the facility is completed, IT learns the data center size, the number of employees, the expected amount of power/cooling and network drops, and Wi-Fi expectations. Once the network teams, with app dev, deploy the network, other elements, including information security, begin to enable their solutions.

Moving Information Security Into Its Own Department

Following the same business model as facilities for a moment, information security teams, separate from IT, lay out the same parameters ahead of IT to ensure all critical infrastructure systems, including the network, applications, and users, meet corporate security standards well ahead of any deployment from the technology producer group.

Examples of Information Security Utility Modeling

  • Information Security sets specific mandates around how the network needs to be built to comply with ISO 27001, PCI-DSS, NIST-800, FedRAMP, etc.
  • Information Security mandates network containment, VLAN, and routing approved protocols.
  • Information Security mandates that EDR/XDR endpoint security needs to be deployed before any end-user consumption.
  • Information Security mandates all rules and processes around all remote access before any services have been enabled.
  • Information Security delivers its utility layer services in line with network and applications teams.

The new standalone information security department model aligns well with organizations that have embraced the DevOps model. Information security becomes a traveler across several scrums through product development. Information security brings its approved frameworks into the various sprints to help ensure governance and compliance are built into the fabric.

While this line of thinking isn’t new, the idea of an equal corporate alignment between the Chief Information Security Officer and the Chief Information Officer, even when it comes to budgets and cross-charging models, helps remove information security from classic budget cuts and reductions. Even with headcount and cost-cutting, the organization must maintain the highest protection.

How Threat Modeling Becomes The Audit and Governance

Organizations that have successfully moved information security to a separate department can now leverage threat modeling as the unified auditing and compliance workstream. With every sprint within the agile model, an element of threat modeling includes:

  • Point-in-time pen testing
  • Continuous vulnerability scanning
  • Updating the composite risk scoring
  • Setting the prioritization of remediation, along with automated retesting

Separation of duties between SecOps, NetSecOps, and DevOps is achieved and supported by the threat modeling audit and compliance workflow.

Culture of Security

Many in business still believe that “sales run the company” or “engineering and product run this place,” but getting hit with a significant cybersecurity event will have a significant impact on sales and product confidence. Cybersecurity arguably “should be the company’s top priority.”

In the new world we live in, cybersecurity is the brand of the company, the culture, and the saving grace of the data. The information security department and the C-level position should be equal to other C-levels, not a footnote on the budget line item.

Source: John P. Gormally
Via: Security Boulevard
© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems
