Page 34 - FCW, June 15, 2016

DrillDown
And then there are state privacy and data breach laws, Control Objectives for Information and Related Technology, and various international standards and privacy directives. Complying with those and other requirements often takes a significant amount of time and effort to prioritize issues, develop appropriate policies and controls, and monitor compliance.
To address external, internal and compliance challenges proactively, a mission-oriented cognitive cybersecurity capability is needed. To achieve that capability, four key areas must be addressed:
• Security architecture effectiveness. Agencies must focus on rapidly assessing vulnerabilities in the security architecture and developing a prioritized roadmap that plugs security gaps and meets policy expectations. Ensuring the identity of users and their access rights and reducing the number of privileged users are critically important to effective security architecture.
• Critical data protection. Agencies must focus on rapidly assessing the data architecture and identifying shortfalls in tracking and protecting critical data. Prioritized action plans can reshape data architecture for more focused security protection and better continuous monitoring.
• Security compliance. Agencies must focus on rapidly assessing compliance gaps and establishing a roadmap to prioritize issues, develop appropriate policies and controls, and achieve compliance.
• A holistic security program. Effectively implementing the first three areas enables agencies to lay the foundation for a program that addresses risk management and IT governance at the enterprise level. Organizations can then identify risks to critical business processes that are most important to mission success, as well as threats and vulnerabilities that can affect critical business processes.
They can also craft appropriate IT governance, which is a key enabler of successful cybersecurity protection. IT governance provides the “tone at the top” and emphasizes that ensuring security and privacy is the responsibility of all employees.
In addition, consistent and standardized security protocols, privacy processes and technology configurations support protection at a lower cost.
A holistic security program focuses on protection through continuous monitoring of systems and data. That involves moving from the traditional defensive-reactive approach to a defensive-proactive (predictive) approach, using cyber analytics to foster security intelligence that also protects privacy.
Continuous monitoring is now required by OMB and NIST mandates, and it can be supplemented using cyber analytics to proactively highlight risks and identify, monitor and address threats. As enterprises bolster their security defenses, predictive analytics play an increasingly important role. Enterprises can conduct sophisticated correlations to detect advanced persistent threats while implementing IT governance and automated enterprise risk processes — critical building blocks for enabling security intelligence.
It includes the ability to identify previous breach patterns and outside threats to predict potential areas of attack, analyze insider behavior to identify patterns of potential misuse and monitor the external environment for potential security threats.
Continuous monitoring, when combined with cyber
The road to cyber intelligence
Federal cybersecurity leaders can move from a basic to an optimized level of security intelligence by advancing their activities in four areas.
Optimized
Governance, risk and compliance; Advanced correlation and deep analysis
• PEOPLE: Role-based analytics; Privileged user control
• DATA: Data flow analytics; Data governance
• APPLICATIONS: Secure application development; Fraud detection
• INFRASTRUCTURE: Advanced network monitoring/forensics; Secure systems
Proficient
• PEOPLE: Identity management; Strong authentication
• DATA: Activity monitoring; Data loss prevention
• APPLICATIONS: Application firewall; Source code scanning
• INFRASTRUCTURE: Asset management; Endpoint/network security management
Basic
• PEOPLE: Passwords and user IDs
• DATA: Encryption; Access control
• APPLICATIONS: Vulnerability scanning
• INFRASTRUCTURE: Perimeter security; Antivirus