Would you build a luxury home on a poor foundation? Of course not. Then why buy expensive security software without first having the right procedures and process in place to support it? Taking the time to build the proper foundation will pay off in the long run when you’re able to use your security products at maximum effectiveness.
What are those foundational steps when it comes to information security? In my view, they are:
- Asset Inventory – Think about it – you can’t control what you don’t know is there. Do you know all the servers and devices that are connected to your network?
- Configuration Management – Do you know the baseline configuration of those servers and devices? If something changed, would you know or even notice that it was different? Without a clear picture of what “good” looks like, you
won’tknow “bad” when it shows up.
- Change Control – This plays right into the above. Change control procedures ensure that you know when and why something has been altered from the baseline. Proper documentation of these changes is crucial, even if it’s not required by audit regulations.
You may be thinking “but I have many thousands of devices and servers – I can’t inventory and control them all.” This is where the next piece of the foundation comes in:
- Data Discovery –If you can’t secure everything, determine where the most critical data resides. What would cause the most damage to your organization if it was breached? Rather than boiling the ocean, which kettle of data should you focus on?
Building the proper foundation is only the first step in defending your network, especially if it’s already compromised. There are more steps that I’ll present in my upcoming webinar on October 18. I hope you’ll register to join me for this session.