As the news often shows, Information Security (infosec) is a big part of any organisation. From the small business with just a couple of computers to the global enterprise, infosec wraps around what you do, keeping you safe.
Infosec is the function which keeps you servicing your customers. It protects your data. It ensures that you have a reasonable chance of still working tomorrow.
The challenge is not in realising the need for information security, it is in making it work.
At a very high level you need to ensure that three key elements are in place. With them, you can get world class security. Without them, you will always be behind the curve.
Essential Elements for World Class Infosec in your Business
Good, internal, security team.
This forms the foundations of everything you do so they need to be good. If your team is “average” or worse, fix that before you do anything else.
A good, internal, infosec team will allow you to improve and grow. These will be the people who know everything about your organisation. Your internal team will know where the problems are. They will know who is responsible for systems. They will know what is normal and what isn’t.
With a good internal team, you can parachute in external support and things will just work. It is hard to overstate how important this actually is. One of the biggest mistakes companies make is paying for external services without the internal framework to support them. Avoid this mistake at all costs.
Good external infosec consultants.
Your internal team learn your environment inside out. They become experts in it. However, you also need experts on the outside world. Techniques change. Good practice evolves.
Your great internal team needs fresh ideas and fresh input. Rather than relying on staff churn to bring them in, external consultants can provide this.
External consultants can also provide the infosec “bigger picture.” By bringing experience from other companies, they can help you change your ways for the better. This allows you to learn from the pain others have felt.
Sometimes internal infosec teams feel threatened by external consultants, so you need to manage this. Make it clear that the external experts are there to help and support. If you get this right, you will significantly enhance your security.
If you are building a security team from the ground up, then external consultants can give you the knowledge to get things moving. The consultants can help you select a team. They can train your team. They can test and benchmark your team.
Good, ideally external, testers.
Test. Test as much as possible. Pentest, VA scans, etc., they are all good. The more testing you do, the more confidence you can have in your systems. Without testing, you are basically hoping things work well.
You can use internal test teams. These will know where to really probe for dirt. However, they will also suffer from this knowledge. They will attack in the paths you’ve predicted. They will use the exploits you are expecting.
This is good, and much better than nothing. It isn’t perfect and it really isn’t world class.
In the same way that external consultants bring new ideas, external testers really push your infosec teams. They will think of things you have never considered. They will test systems in ways you can't imagine. They will show you what an attacker can learn. They will highlight the mistakes better than anything internal.
The biggest “lesson learned” from a real external pentest comes at the end, when your internal team get the report and try to work out how the attackers got in. Spend time looking at how the controls were bypassed. Spend time finding ways to detect it next time. There will be a next time; you just have to hope you are ready before an attacker finds it.
Conclusion – 3 elements for world class infosec
So, in summary, there are three essential building blocks for every infosec team. It is easy to identify them, but it is also easy to overlook one or more. All are essential if you want to drive the maximum security benefit for your organisation.
The real challenge is in making sure you implement all three properly. You need good teams to start with and a plan to make them all better. You need to drive continual improvement. You need to learn from everything that goes wrong. If you do this, you will have a great security team and your infosec processes will be robust.
If you need help with this, Halkyn Consulting can offer advice, support, assistance and mentorship at every stage.
We can help you build your internal infosec team from the ground up. We can help you improve them. We can help you benchmark them. We can train your incident responders and support your forensic collections.
If you have a good, trusted, internal information security team, we can help bring in new ideas. We can provide external frames of reference. We can help you learn from the lessons other companies suffer.