Halkyn Security Blog
Specialist Security & Risk Management Consultants

3 essential elements of any Infosec function

Infosec – it's a team sport

As the news often shows, Information Security (infosec) is a big part of any organisation. From the small business with just a couple of computers to the global enterprise, infosec wraps around what you do, keeping you safe.

Infosec is the function which keeps you servicing your customers. It protects your data. It ensures that you have a reasonable chance of still working tomorrow.

The challenge is not in realising the need for information security, it is in making it work.

At a very high level you need to ensure that three key elements are in place. With them, you can get world class security. Without them, you will always be behind the curve.

Essential Elements for World Class Infosec in your Business

Good internal security team.

Internal Infosec Team – The Foundation of Everything.

This team forms the foundation of everything you do, so it needs to be good. If your team is “average” or worse, fix that before you do anything else.

A good, internal, infosec team will allow you to improve and grow. These will be the people who know everything about your organisation. Your internal team will know where the problems are. They will know who is responsible for systems. They will know what is normal and what isn’t.

With a good internal team, you can parachute in external support and things will just work. It is hard to overstate how important this actually is. One of the biggest mistakes companies make is paying for external services without the internal framework to support it. Avoid this mistake at all costs.

Good external infosec consultants.

Expert External Infosec Consultants – Halkyn Consulting.

Your internal team learns your environment inside out. They become experts in it. However, you also need experts on the outside world. Techniques change. Good practice evolves.

Your great internal team needs fresh ideas and fresh input. Rather than relying on staff churn to bring these in, external consultants can provide them.

External consultants can also provide the infosec “bigger picture.” By bringing experience from other companies, they can help you change your ways for the better. This allows you to learn from the pain others have felt.

Sometimes internal infosec teams feel threatened by external consultants, so you need to manage this. Make it clear that the external experts are there to help and support. If you get this right, you will significantly enhance your security.

If you are building a security team from the ground up, then external consultants can give you the knowledge to get things moving. The consultants can help you select a team. They can train your team. They can test and benchmark your team.

Good testers, ideally external.

Test. Test as much as possible. Pentests, VA scans and the like are all good. The more testing you do, the more confidence you can have in your systems. Without testing, you are basically hoping things work well.

You can use internal test teams. These will know where to really probe for dirt. However, they will also suffer from this knowledge. They will attack in the paths you’ve predicted. They will use the exploits you are expecting.

This is good, and much better than nothing. It isn’t perfect and it really isn’t world class.

In the same way external consultants bring new ideas, external testers really push your infosec teams. They will think of things you have never considered. They will test systems in ways you can't imagine. They will show you what an attacker can learn. They will highlight the mistakes better than anything internal.

The biggest “lesson learned” from a real external pentest comes at the end, when your internal team gets the report and works out how the attackers got in. Spend time looking at how the controls were bypassed. Spend time finding ways to detect it next time. There will be a next time; you just have to hope you are ready before an attacker finds it.

Conclusion – 3 elements for world class infosec

So, in summary, there are three essential building blocks for every infosec team. It is easy to identify them, but it is also easy to overlook one or more. All are essential if you want to drive the maximum security benefit for your organisation.

The real challenge is in making sure you implement all three properly. You need good teams to start with and a plan to make them all better. You need to drive continual improvement. You need to learn from everything that goes wrong. If you do this, you will have a great security team and your infosec processes will be robust.

Need help?

If you need help with this, Halkyn Consulting can offer advice, support, assistance and mentorship at every stage.

We can help you build your internal infosec team from the ground up. We can help you improve them. We can help you benchmark them. We can train your incident responders and support your forensics collections.

If you have a good, trusted, internal information security team, we can help bring in new ideas. We can provide external frames of reference. We can help you learn from the lessons other companies suffer.

Take the first steps to improving your security today and get in touch with us to find out more.
