How true cybersecurity can avoid racketeering
Possibly the most crucial part of cybersecurity is being prepared for the unknown, and putting policies/rules in place that kick in any time they might be needed.
It’s a continual process of assessing the cyber risks to the organisation, building a team to respond, implementing a security change management practice, monitoring for security violations, and modifying the existing policy, which adapts to lessons learned and new types of attack.
All of this is prepared behind the scenes, so that employees within the organisation can go about their daily tasks without disruption.
I thought about this approach when I attended Wimbledon a few days ago. Because I wasn’t lucky enough to get tickets to the tournament, I joined the infamous Queue in order to obtain ground passes.
The sheer scale of getting tens of thousands of people to form an orderly line, remain in the Queue for hours (days in the case of some eager fans), process them through the turnstiles, and ensure nothing potentially dangerous enters the Grounds, is mind boggling.
It’s not an exaggeration to say that the system is a work of genius, one that has been refined over the years. It has also achieved the impossible… people actually look forward to queuing.
For many, joining the Wimbledon Queue is as much a part of the experience as the tennis itself.
Upon arriving, you are handed a 31 page booklet entitled “A Guide to Queuing”. You are also handed a “Queue Card” containing a unique number, which indicates your position in the Queue.
This number is what prevents queue jumping. If at any point you attempt to break for it, there are three things stopping you:
- Your fellow queuers, who have zero tolerance for this type of thing
- The honorary stewards who patrol the Queue, and get you to where you need to be (very politely and with a wonderful British sense of humour I might add)
- There are several check points where you have to show your Queue card. If your number is out of sync with the other numbers around you, expect a one way trip to SW19’s Police Station.
Perhaps it’s not quite that severe, but then again I’ve never seen what happens to queue jumpers…
My other half and I arrived at 5:30am; the recommended time to ensure you gain entry to the Grounds when the tennis begins. There were over 3,000 people in front of us, with more fans constantly streaming in behind us.
Over 16,000 people joined the Queue that day – all gathered in the one field, and all needing to go through several comprehensive security checks (no selfie sticks are getting past these stewards).
Of course, whilst all (ok, most) queuers understood that the Security checks and the quantifiable number of rules where wholly necessary, we also wanted to enjoy the experience.
That’s something that professionals working in cybersecurity also work towards – no disruption, no slowing down – just employees empowered to do what they need to do, knowing that the Security team has got their back.
Here’s our recommendations for the type of policies organisations should consider to ensure smooth day to day operations, whilst being ready to quash any potential threat:
- Create Usage Policy Statements: outline users’ roles and responsibilities with regard to security.
- Conduct a Risk Analysis for your systems and data with the following criteria:
- Low Risk– if this data was viewed by unauthorised personnel, corrupted, or lost, this would not disrupt the business or cause legal or financial ramifications. The targeted system or data can be easily restored and does not permit further access of other systems.
- Medium Risk– this would cause a moderate disruption in the business, minor legal or financial ramifications, or provide further access to other systems. The targeted system or data requires a moderate effort to restore or the restoration process is disruptive to the system.
- High Risk– this would cause an extreme disruption in the business, cause major legal or financial ramifications, or threaten the health and safety of a person. The targeted system or data requires significant effort to restore or the restoration process is disruptive to the business or other systems.
- Establish a Security Team Structure: Create a cross-functional security team led by a Security Manager with participants from each of your company’s operational areas. The security team has three areas of responsibilities: policy development, practice, and response.
- Approve Security Changes: We recommend adhering to the following guidelines:
- Change passwords to network devices on a routine basis.
- Restrict access to network devices to an approved list of personnel.
- Ensure that the current software revision levels of network equipment and server environments are in compliance with the security configuration requirements.
- Response: The first action following detection of an intrusion is notifying the security team. Without a procedure in place, there will be considerable delay in getting the correct people to apply the correct response. Define a procedure in your security policy that is available 24 hours a day, 7 days a week. Possible corrective actions are:
- Implementing changes to prevent further access to the violation.
- Isolating the violated systems.
- Disconnecting violated systems or the source of the violation.
- Shutting down violated systems.
- Restoring systems according to a prioritised list.
- Notifying internal managerial and legal personnel.
For more advice, please visit www.cisco.co.uk/securityTags: