In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist Tony Sager welcomes Thordis Thorsteins, Senior Data Scientist at Panaseer. Panaseer provides a controls monitoring platform and has played a valuable role in the development of the CIS Critical Security Controls, as well as in the implementation of the CIS Controls Assessment Specification. Together, Tony and Thordis discuss the role that data collection and automation play in cybersecurity.
When It Comes to Data, More Doesn’t Always Mean Better
When it comes to cybersecurity, an enterprise must start by listing the assets it needs to protect, selecting controls to protect those assets, and instituting a system to monitor those controls. Simple steps in theory – but complex and time-consuming to implement in reality.
Examples of some types of data sources and tools include:
In-house vulnerability management tools
Patching tools
Phishing tools for employee training
By using a wide variety of sources, an enterprise can build a more expansive picture of its cybersecurity posture. The challenge with using all these data sources is that they generate an immense amount of data that needs to be analyzed. This leads to what Sager refers to as “The Fog of More”. The collected data set is inevitably messy and noisy, and sifting through it to uncover discrepancies is an overwhelming task for security teams.
Cybersecurity Frameworks are Open to Interpretation
The difficulty with cybersecurity frameworks is that they provide the criteria for compliance, yet no guidance on how to implement the framework itself. This places the burden of interpreting the framework on the enterprise, making it difficult to measure compliance effectively. While frameworks are valuable, different enterprises can interpret them in different ways. Then an auditor or governing body comes in and applies its own interpretation. This multitude of opinions makes it difficult to know when something is truly being done right.
Working with the Controls Assessment Specification
Panaseer was an early adopter of the Controls Assessment Specification and played an integral role in developing its components. The specification was created to provide a comprehensive list of measures to work against, as well as assessments suited to companies at different maturity levels. This allows for a more uniform system for compliance, with the goal of having enterprises improve their assessment and monitoring activities.
Automate for Success
The Controls Assessment Specification enables an enterprise of any size to develop guidelines for viewing how it is measuring and monitoring its cybersecurity posture. The next step is to identify opportunities to automate these activities. Some frameworks require a degree of self-attestation by a cybersecurity expert, and meeting frequent, repetitive requirements manually is labor-intensive and costly. In addition to saving time and money, automation creates consistency by:
Enabling data to be measured the same way every time
Enabling the process to be clear for the person responsible for interpreting the outcomes
Creating a roadmap for anyone performing the assessment in the future
Driving consistency in how data is collected, analyzed, and interpreted
By continuing to find new and better ways for companies to automate the measurement of their cybersecurity posture, compliance will become more achievable and interpretations of these frameworks will become more uniform.