Developing an information security strategy requires addressing the concerns from multiple angles. There are things you need to know; things you need to do; things you need to monitor; and things you need to react.

Information Security: Things to Know

To protect your systems, you need to know what they are. This means inventorying hardware, software, networks, and clouds.  You need to know your data, how valuable it is, and how vulnerable it is. You need to know the people who need access to the systems and the reasons for that access. You need to know which people need privileged access.

Information Security: Things to Do

Based on your knowledge of your resources, data, and people, you can implement policies, controls, and tools to protect them. This includes measures such as deploying firewalls, antivirus, and other security software, as well as patches. You ensure secure configurations on network devices, cloud systems, and other applications, and limit access to risky ports and protocols. You  protect employees by blocking unsafe internet sites and scanning incoming email. You train employees in the appropriate safe computing practices and make sure their devices are secured. You conduct penetration tests to verify that your security measures are working.

Information Security: Things to Monitor

Even if you reach the end of your “to do” list, there’s no time to relax; protecting IT resources requires constant monitoring. Monitoring has a wide scope that includes reviewing audit logs in addition to other data sources. User access to resources needs to be monitored, particularly privileged access and access to sensitive data. Incoming traffic needs to be monitored and inspected for threats. Changes to resources, particularly configurations, need to be monitored and reviewed. Patch lists need to be monitored and assessed for criticality. Other sources of vulnerability, such as inactive accounts, need to be identified and monitored as well.

Information Security: Things Needed to React

No matter how many security controls are put in place, it’s almost inevitable that an incident will occur. As hackers often say, they only need to get lucky once. Assuming monitoring identifies a breach, the business needs to be ready to respond. This begins with having an incident response plan and a team dedicated to this work, so you aren’t scrambling in the middle of a crisis. It also requires having reliable backups and a tested recovery process, so that any infected or damaged systems can be restored to a known, trusted state.

Are you missing any of these things you need for a comprehensive information security solution? Prescient Solutions provides cybersecurity services to businesses in Chicago and Schaumburg that address all these aspects.

Contact us to make sure your information security strategy is complete and effective.