The good news: Corporate board members are taking cybersecurity more seriously. This can only be a good thing, especially in the light of major attacks like WannaCry.
The not-so-good news: Many organizations are still unsure how to improve their security infrastructure and become better prepared for attacks.
To help you out, we’ve rounded up important questions to ask across several security categories. Consider each of these as you start building a cybersecurity plan.
- Does your organization have a Written Information Security Policy (WISP)?
- Have you documented a policy on the regulatory compliance requirements that apply to your system or data set? (e.g., a system in Alabama that stores PII for residents of Massachusetts needs to comply with 201 CMR 17.00)
- Do you have a method to properly destroy data?
- Do you execute drills to test Continuity of Operations Plans (COOP)?
- Do you provide routine education to users and maintainers of your system?
- How often do you review your accounts to validate appropriate access?
- Are you running backups of components, and do you move the backups offsite?
- Do you audit your border gateway/firewall access control lists to verify that they permit only the necessary data flows?
- How often do you update malware signatures?
- Do you review component health (HDD life, cooling fans, UPS battery status, etc.) with SNMP or SMART monitoring tools?
- Are you using scan tools to look for rogue access points?
- Do you compare your asset list against patch repositories? Against vendor support life cycles?
- Are you tracking asset vulnerabilities in real time?
- Do you know when your assets have last been tested for vulnerabilities?
- Do you have a layered security defense approach?
- How do you prioritize the remediation of assets?
Architecture and Assets
- Have you identified your critical IT assets and data?
- Do you use a screening router/gateway device configured with practical geocentric filtering?
- Is there a clear definition of your boundaries and demarcation points?
- Do you have a clearly defined inventory of HW and SW assets?
- Have you identified a set of users with physical and/or logical access to the computing system?
- Do you know what and where all your IT assets are?
- Does your vulnerability management program integrate with your risk management and disaster recovery planning programs?
- Do you know whether you’ve been compromised? How certain are you?
- Would you know if your data is being sold on the dark web?
- How do you know if your employee or client data has been compromised?
- Do you have 24/7 continuous monitoring?
- Does your current security solution provide real-time analytics and testing results?
Assessments and Testing
- Do you conduct threat assessments periodically?
- Do you favor cost over value in a security assessment program?
- Does your security testing team use advanced methods and techniques to replicate adversarial methods of attack?
- Does your current security solution include tailored testing to identify compound weaknesses that can be combined into significant vulnerabilities?
- Is your security team available 24/7 to conduct realistic threat-based testing?
- Do you think like your adversary does when targeting your assets?
- Do you leverage penetration testing to validate the existence of threats in your environment?
- Is penetration testing a component of your Secure Software Development life cycle?
- Do you test externally exposed user accounts for passwords exposed in publicly disclosed breaches?
- When responding to a zero-day threat, what are your biggest challenges?
- What challenges did you encounter in detecting, containing, and eradicating a previous breach?
Tools and Services
- Does your current security solution include customized tools designed to be efficient and effective?
- Do you leverage OSINT reconnaissance to profile the exposure of your systems?
- Have you ever identified evidence of a breach through OSINT reconnaissance?
Considering these questions should help you begin to identify where your cybersecurity programs are succeeding and where you could use some enhancements. As you identify capabilities and services you need to bolster your programs, Lunarline is here to help with solutions ranging from our deep space surveillance program and incident response to penetration testing services.
To find out more, contact Lunarline today.