The 3 W’s (Wares) in Security Management
The information security landscape has changed dramatically in recent years. While the network hacker continues to pose a threat, regulatory compliance has shifted the focus to internal threats. As noted by Charles Kolodgy, analyst at IDC, “Compliance shifted security management from monitoring external network activity to managing internal user activity at the application and database level.” Whether contending with the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Management Act (FISMA), or other compliance requirements, companies must prove diligence in managing information security risk. Maintaining the integrity of security information is increasingly complex and consumes valuable resources. Service-oriented architectures are increasing the pace of application development. Networks comprise more applications and data, distributed more widely, which creates more access points to critical data. Though visibility into real-time threats and vulnerabilities is called for, most organizations lack the tools needed to transform information security data into actionable security intelligence.

Security Information Management Challenges

Developing and implementing an effective security information management system has many challenges. With the recent explosion of information privacy and security legislation, executives and IT groups are more accountable for security requirements and compliance auditing. Closer examination of company security postures is exposing potential vulnerabilities that were previously considered unimportant or went unrecognized, including:
Disconnect Between Security Programs and Business Processes – Information security programs are often inadequately integrated into business processes, creating disconnects and process inefficiencies.
Fragmented Security Information, Processes, and Operations – Information security often takes place in a decentralized manner. Separate databases and unrelated processes might be used for audit assessments, intrusion detection efforts, and antivirus technology.
Security Performance Measurement Difficulties – Many organizations struggle with performance measurement and management, and developing a standardized approach to information security accountability can be a daunting task.
Broken or Nonexistent Remediation Processes – Previously, compliance and regulatory requirements called for organizations to simply log and archive security-related information. Now, auditors request in-depth process documentation. Both threat identification and remediation are becoming more important.
Abnormal User Activity and Data Leakage Identification – With today’s security requirements, organizations need processes that identify incidents and detect anomalous user behavior quickly and efficiently.
Security Decision Support Solutions

Today, achieving information security compliance and managing risk requires a new level of security awareness and decision support. Organizations can use both internal security expertise and external consultants to implement security information management. Integration of network operations centers with security operations centers aids timely identification and remediation of security-related issues. For successful security decision support, organizations must automate incident response processes. These automated processes, however, must remain flexible and scalable. Risk management and compliance are dynamic, with ongoing modifications, regular and complex security incidents, and continuous efforts for improvement. A successful comprehensive security decision support solution involves several critical elements: compliance, business services continuity, threat and risk management, and security performance measurement.

Compliance
The emergence of compliance as the leading driver for information security management projects has forced organizations to refocus on securing the underlying data critical to financial operations, customers, and employees. Achieving regulatory compliance is a complex challenge for organizations, with massive amounts of data and complex applications to monitor, and increasing numbers of users with access to those applications and data. Organizations need access to contextual information and an understanding of real-time network changes, such as newly added assets and the new vulnerabilities and threats they introduce.

Business Services Continuity

Continuity of the security management program across an organization is key to risk management and compliance success. Organizations should be able to predict where most threats might occur, and how they might impact the business. Data is constantly in motion, continually consumed by users and applications across the enterprise. Increased deployment of service-oriented applications increases the number of users with potential access to enterprise data. Service-oriented applications have many moving parts, and monitoring at the application layer is much more difficult than monitoring network activity.
Threat and Risk Management

As businesses and networks grow, organizations shift their security focus from trying to address all security issues to establishing security priorities. Larger, more complex organizations choose to focus on the most damaging threats, those with the greatest financial impact, and those security issues that can cause the most disruption to business processes. Previously, the focus for security organizations has been on stopping threats from outside the enterprise. Yet data leakage and inappropriate user activity from inside the enterprise are often bigger threats, since the potential attacker is so much closer to the data. Organizations today are forced to reconsider their approach to managing risk from insiders.

Security Performance Measurement

Given that organizations cannot manage what they cannot measure, security information and event management and benchmarking are key aspects of an effective security decision support solution. Organizations need to understand their security posture at any point in time, and then be able to use that posture as a security baseline to measure against. Executive management also needs a fast, straightforward, and credible way to gain visibility into the organization’s security posture.