Improving the Alignment between Cyber Security and IT Service Management Processes

I frequently marvel at the solutions our customers implement in order to walk the fine line where security operations and IT governance converge. The capability to simultaneously engage the needs of IT service management and cyber security requirements frequently requires a creative approach to effectively align business objectives, priorities and a variety of risk postures. One common denominator I have observed is that the most effective cyber security plans address these 4 points of effective security and IT management policy:

1. Create the right policy
This involves a collaborative approach that leverages the stakeholders from not only the IT and Security Operations groups but Legal, HR and Operations as well to ensure that their needs are also being addressed. Policies are only as good as our ability to monitor and enforce. A policy that detrimentally affects the ability of any one organization to perform their duties will quickly be discarded, opening the door to a domino effect of security issues. Additionally, this collaboration should address organizational dynamics including core services, internal customers and, when applicable, external or business partners that may require access.

2. Perform a risk assessment and analysis
Industry requirements aside, performing a cyber security risk assessment and analysis is critical to building processes that address our most vulnerable systems and processes. We can subsequently formulate a corrective action plan that addresses not only current needs but anticipates future requirements. As part of a greater Business Continuity Planning program, a risk assessment provides the insight to avoid security and governance concerns before they truly become “issues”. An example of this is the development of your Disaster Recovery Plan. Determining the critical systems and the need for warm and cold site requirements as the result of a detailed risk analysis will save your teams hours of work when trying to rebuild critical system data.

3. Define appropriate procedures
If actionable processes and procedures are the lifeblood of effective security operations and governance alignment, then a platform to ensure that these policies are available to the appropriate stakeholders in the form of actions that are vetted, repeatable and defensible should be considered the heart. Security orchestration and automation products, while typically focusing on security operations, can provide this needed heart to IT governance requirements as well. DFLabs IncMan™ provides our customers with over 100 Playbooks that outline the appropriate procedures for a broad range of incidents, delivered in a format that can be easily followed or edited as requirements change and evolve. This gives the user maximum flexibility to ensure the needs of all stakeholders are addressed consistently and with minimum delay during incident response activities when the time is often of the essence.

4. Focus on staffing
Staffing is a common issue on several fronts. Locating and retaining experienced staff is only part of the problem. Facilitating a knowledge transfer between experienced and inexperienced staff is also problematic and frequently results is a small group of individuals that handle the majority of the demanding cases. The good news is that more evolved organizations have recognized the value of utilizing the previously mentioned Playbooks. IncMan Playbooks provide a roadmap designed by the experienced staff members to guide the inexperienced members during the response process. This effectively provides these organizations with a force multiplier by not only reducing incident dwell time but providing the necessary knowledge transfer as well.

If you want more information about how DFLabs IncMan can help align your security and IT service management processes please contact us [email protected] for a no obligation demonstration.

A Weekend in Incident Response #9: How Can Banks Meet the New Cyber Security Requirements?

Financial institutions are always at a great risk of falling victims to cyber-attacks. They are under a constant threat of being attacked by hackers looking to obtain confidential information that can be potentially very lucrative. In a bid to make sure banks are prepared to respond to cyber threats in the most efficient manner, three U.S. federal agencies in charge of overseeing and regulating the work of banks have proposed a set of cyber security requirements that the financial institutions must meet when it comes to the management of cyber security risks.

The Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency have issued an advance notice of proposed rulemaking (ANPR) that contains standards on how to manage and improve resilience regarding cybersecurity risks.

The standards are designed to help protect financial institutions, as well as their clients, against potential cyber threats.

Incident Response and Cyber Resilience Among the Standards

Per the advance notice, the proposed standards will cover a specific group of financial institutions, including depository institutions and depository institution holding companies with total assets of at least $50 billion, along with financial market infrastructure companies and non-bank financial companies that are supervised by the Board.

These covered entities should comply with specific cyber security requirements that are designed to improve their cyber incident response procedures and prepare for potential cyber-attacks.

The agencies propose five categories of standards regarding cyber security:

  • cyber risk governance
  • cyber risk management
  • internal dependency management
  • external dependency management
  • incident response, cyber resilience and situational awareness

One Platform to Comply with all Cyber Security Requirements

Considering that there are a lot of aspects that the covered entities will have to pay attention to in order to meet the above-mentioned standards, it would be most cost-effective and practical for them if they adopted a platform that is capable of completing all tasks proposed by the standards.

Such platforms are now available on the market and can make life much easier for all organizations that these standards apply to. For instance, there are platforms that can help organizations ensure an effective and extensive incident response plan, providing complete control over cyber incidents. Organizations are advised to acquire such a platform that provides the ability to track and predict cyber security incidents, track and gather digital evidence, and create statistical reports, which are a key element to resolving a certain breach.

Also, that same platform can automatically manage all cases and data that’s required for cyber threats within your organization, as well as lab and inventory management, helping you comply with the cyber risk management requirements.

Finally, a platform that is specifically designed to prioritize your response and reduce the time it takes you to solve a cyber incident. The solution should help you comply with the Internal dependency management standards, while assessing the risk and provide action plans. A complete and full solution helps organizations reduce the risks of cyber-attacks and comply with the External dependency management standards.