Most people understand that going to the doctor and dentist on a regular basis is good preventive practice for their health. Getting your teeth cleaned and X-rayed can help prevent future damage, and getting regular blood work and physical exams can catch issues before they become serious.
The same is true for your technology and business practices around cybersecurity. Regular checkups and exams are necessary for the basic health of your systems and to prevent more serious problems later. Knowing early on if there is an issue that needs to be fixed can help you before it becomes too late or more costly.
As a security consultant, I am akin to your general practitioner at the doctor’s office. I conduct checkups for systems and processes to determine the cybersecurity health and potential future needs of organizations. Having someone with this skill set come in at least annually and look at your systems is key to maintaining a healthy network. Ignoring your security checkup can lead to the unavailability of system resources, which happens when attackers use ransomware to keep you from accessing critical business data. The checkup also addresses two other concerns: weaknesses in the integrity of your data and, what seems to be the most common headline, the loss of data to hackers or attackers.
Let’s look at three important elements of a cybersecurity checkup.
First let’s look at your infrastructure, which you can think of as the bones that make up your organization. If a device or system on your network isn’t configured correctly it can cause many problems. Systems and data can become unavailable to users and customers, or worse, malicious users or hackers could gain unauthorized access to your systems and data. During the checkup your security consultant will look at system configurations to help identify any weaknesses and provide recommendations for fixing any breaks they find.
Second, you need to look at the hardware and software that make up your network and are part of your infrastructure. These devices can be infected by what is commonly known as a computer virus or bug and, in broader terms, referred to as malware. With people, we have ways to detect an infection and ways to prevent or cure it. For your systems, the main way this is accomplished is through the use of anti-virus or anti-malware software. This software can test the system, looking for vulnerabilities and weaknesses (bugs and infections). The security consultant conducting your system checkup will make sure that the software is current and working properly, and will check that all current patches have been applied to fix known issues.
When you go to the doctor there are many tests in which you get poked and prodded, many of which are not fun, but incredibly necessary. A good friend of mine was recently diagnosed with cancer as a result of his prostate exam. I am quite certain the exam was not something he was looking forward to and he could have easily put off, but since he didn’t put it off he was diagnosed early and has a very good prognosis for being cancer free.
This takes me to the third, and one of the most important and often underutilized, types of security checkup: penetration testing. This is the most important, but least common, checkup. This type of test should be conducted by a subject matter expert, i.e. a specialist rather than a generalist. This professional conducts very technical tests against your organization’s systems to try to break in like someone who is up to no good, but does so with permission and ground rules. They can do this from the Internet, like most malicious hackers, and they can do it from inside your network to mimic a malicious internal user. External and internal penetration tests are some of the most important tests you can run against your systems to make sure you truly understand the cybersecurity health of your organization from the inside out.
These important security health checks should also be conducted throughout the year by your IT staff as part of their ongoing operating procedures, in addition to at least annually by an independent third party. If you have outsourced your IT to a service provider, make sure they are conducting regular security checks, in addition to having an independent third party or internal audit group do an annual checkup as well.
Don’t be caught with a diagnosis that is hard or expensive to fix because you decided to skip the annual checkup. If you have questions and want to discuss all the elements of a security checkup in more detail, email sharon@c-suiteresults.com.
Because you are responsible for the strategy and success of your organization you are losing sleep over the continual reports of security breaches, stolen data, and ransomware. It appears that no one is safe anymore.
But all the terminology and acronyms (i.e., cloud, IoT, BOD, APT, IAM, IDS, Pen Test, malware, ransomware, identity access management, patch management, change management...not to mention all the compliance regulations) are overwhelming. And that makes sense because security is not in your wheelhouse, but it’s in mine! And I can help you!
WHAT I DO
As a 12-year veteran of the information security, audit, and compliance industry, I understand the technology your organization works with and the challenges you face.
I translate cyber security into business terms for executives who want to implement security but don’t know how. I help create the proper internal messaging, education, and shape the organizational culture needed for sustainable success in security.
Too many people believe that security is an IT problem and that simply throwing budget at the IT department equals security. Instead, I help you paint a full picture of your security posture, the risks associated with it, and the most effective strategy to help close the gaps.
Security is not insurance - it is force protection (think of the armed guards in front of a military base). Isn’t it time for you to put the proper protection in place for the long term health of your organization?
WHAT MAKES ME DIFFERENT
It is rare to find someone with a background that includes in-depth information security knowledge and hands-on experience who has a business degree, and is a Certified Coach. This mix of education and experience equips me to best serve you in creating a long term sustainable security culture.
NEXT STEPS
Email me at sharon@c-suiteresults.com or message me via LinkedIn https://www.linkedin.com/in/smithsharonj/