Security Remediation Planning: Tips for Non-Security Executives
“People are spending a lot of money right now on remediation planning, but they are surprised that they are not getting the results they expected.” - Mike Gentile
As we enter 2017, many organizations are planning how to fix a significant number of security issues within their organizations. These issues range from large-scale patching of vulnerable systems to the absence of security-related processes such as risk management.
This article is designed to give executives who may not have an information security background tips and considerations for their planning activities.
Tip 1: Understand the difference between tactical and foundational planning efforts
Tactical efforts are groups of one-time tasks performed expediently, for example the remediation of a large group of security vulnerabilities on systems. Foundational remediation efforts set up and establish repeatable processes or standards for performing remediation activities. Tactical efforts give you a one-time benefit from their performance, while foundational activities give you more efficient and effective progress over time.
Tip 2: Focus on both tactical and foundational efforts in your planning
Organizations face both complexity and breadth of work when it comes to security program development and planning. To succeed, it is best to focus on both tactical and foundational types of work, in varying doses based on the business need. Finding the right mix is essential to ensuring that the work is done in the most cost-effective manner.
Tip 3: Define standards and processes to do the work and then do it
In any organization, your requirements and standards for security should be expressed through your suite of security policies, standards, and guidelines. It is highly recommended that your tactical remediation efforts be performed against those security policies and standards. If your existing policy set is not accurate or good enough to be used, fix it before taking on large amounts of tactical work.
Tip 4: Parse the work and then run it through the new process
Many tactical efforts in information security consist of large amounts of repetitive tasks, for example patching 20,000 systems in your environment. Instead of fixing all 20,000 tactical items at once, build the process for performing this work (a foundational effort) and then push some of the tactical work through it. In this example, break off, say, 1,000 of those vulnerabilities and run them through the new process. After the first 1,000 are fixed, improve the process based on the lessons learned from that initial work, and then fix the rest using the enhanced process.