Advanced Threat Protection

 View Only

A Day in The LIFE of Securing Our DATA 

May 16, 2017 02:53 PM

In my past 20 years of being an IT Information security practitioner, I’ve found there are really five key irrefutable security domains that are critical principle frameworks to protect our data, connected systems and networks.

Our talk at this year’s New York security conference to include a customer’s viewpoint will expand on these framework:

GOVERANCE FRAMEWORK                                                                                                                                                                                   Governance, Risk and Compliance is the starting point and foundation as it provides direction in addressing what’s important to a Company, State, County or Educational institution as it relates to regulatory compliance (SOX, FEPRA,PCI, HIPAA, etc.) and demonstrating compliance for data. Common vendor tools around GRC would show a dashboard of what you’re measuring against and progress against business goals along with the use of the Cyber Security Framework as your guide.

AUTHENTICATION FRAMEWORK                                                                                                                                                                             After you have your government framework in place, organizations would to have technologies to ensure these policies, it’s important to focus on your access control points.  This would include authentication as it relates to two-factor authentication, certificate management, cloud assess security broker and a SSO strategy.  Commons vendor solutions include MPKI, 2FA, SSO gateway appliances.  

INFORMATION PROTECTION FRAMEWORK                                                                                                                                                       Now that you have access control points locked down, you’ll want to prevent the exfiltration of data from the network to ensure confidentially of data and to protect against negligent employees leading data. Common vendor solutions include Data Classification, Data Loss Prevention, Encryption (whole disk, removable storage and email) and data back up and high availability solutions.

INFRASTRUCTURE MANAGEMENT                                                                                                                                                                         This framework is all about fixing software vulnerabilities and ensuring the right software is deployed to the endpoints. Common vendor solutions include systems management for patch and software delivery to include ticket management & mobile device management

INFRASTRUCTURE & CLOUD PROTECTION FRAMEWORK                                                                                                                                 This framework is the layered protection from the edge to the endpoint and include Spam, Phishing and Malware solutions to increase the work effort of a malicious person and/or process.  Common vendor solutions include endpoint AV & e-mail server protection, Cloud Security Broker and hardening solutions for sensitive systems. 

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.