CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
| | JULY 20219CIOReviewyour essentials handy. First, you will need the fuel to feed the plan just as you would need plenty of food and water if lost on a journey. This means capital and ongoing operating budget. Understand your capital both human and financial. Many CISOs struggle in this area. They have difficultly building a successful business case that is fit for purpose and aligns with the larger strategy including financial guardrails. I highly suggest anyone building a cyber program identify all current security costs and look for areas to repurpose those operating expense funds to services and tools that provide stronger coverage and potentially even a return on the investment.Next, you need your map. A map provides the guidance and path forward to help you from staying lost or even getting lost from the start. I prefer using a framework or standard that is already tried and true. I personally have based my programs on the NIST framework. The ideas of building coverage in the five areas of identify, protect, detect, respond and recover helps outline a perfect map for a program that you can easily continue to mature and develop over time. A journey would not be complete without a compass as well to help you determine which way to head to next. For my compass, I like to use a condensed version of the Lockheed Martin Cyber Kill Chain. Just like a compass, north is always north, south is always south, west is always west and east is always east. Cyber-attacks always happen in the same manner. If you focus on reconnaissance, infiltration, lateral movement and exfiltration or objective, you can find your way around your cyber program and identify which direction is the best direction at that movement to focus on or more forward against. Lastly, never forget your essential tools. In order to be fully prepared for whatever journey you embark on taking into account you never know what could happen along the way, focus on the fundamental tools. You need your sturdy boots, clothes for all weather conditions, a blanket, flashlight, water bottle and anything else that will help you survive if needed. Start with the "known" or basic essentials for your program and build on it over time. A strong endpoint tool, a monitoring tool like SIEM, a good incident response plan, strong policies, good end user education, a solid identity strategy and basic provisioning tools are all solid essentials to have in your survival kit. The final key to not getting lost on your journey to build a great cyber program is once you have the plan, don't forget to communicate it well and make sure key stakeholders understand your path and take others along with you. Give them the right level of details of where you are going, what path or map you are following, what essentials you have at your ready and ultimately the timeline and end goal of the hike. Remember that along the way, if you do get lost at any time, the most important tool you have is keeping a positive attitude. A journey would not be complete without a compass as well to help you determine which way to head to next.
< Page 8 | Page 10 >