Simplifying cybersecurity: From risk assessment to recovery

By Amit Chaudhary

Cybersecurity can often be perceived as complex, and it can be challenging for security leaders to communicate its importance to non-security professionals. One effective way to simplify security for such professionals is through the use of analogies. We all take risk-based decisions every day, and we all think about security every day. For instance, you think did you lock your door and windows at night? Should you travel to a particular place due to the geopolitical conditions in that area? Have you worn a seat belt before driving the car? Did you proactively perform a check of the elevator in your apartment complex? There is tremendous symmetry between the physical and cyber world. Almost every security decision and risk that we think about in the physical world can be directly mapped to the cyber world. A good cybersecurity framework, such as ISO or NIST, CSF, can help ensure that we are doing everything that we should be. NIST CSF is particularly easy to understand and quantify the overall security posture.

An analogy that can be used to tie the cyber and physical world together is to think of yourself as a diamond merchant in a bad neighborhood. First, you must identify the risk, such as understanding the assets risk environment, the threat actors in the environment, and the industry risks. Then, you need to protect against the identified risks by implementing proactive controls, such as firewalls, endpoint security tools, WAF, and identity solutions. Next, you need to detect breaches using monitoring solutions such as SIEM, logging and correlation, and EDR solutions. You should also be prepared to respond when a breach occurs using SOAR, containment solutions, and other response measures. Finally, you need to recover, which means having a business continuity and disaster recovery plan, high availability, and cyber insurance.

Also Read | ‘Cybersecurity is not high enough on the agenda of boardrooms’

Ultimately, it is the responsibility of CISOs, CIOs, and other security leaders to help their teams and leadership understand why cybersecurity is critical. They should transparently set the context and communicate using objective data. It is also essential to remember that every company’s and every person’s risk tolerance is different. Therefore, talking to as many leaders in the company and Board of Directors will help to understand what is an acceptable risk to them. It is then up to the security leaders to shape the security program and communicate the necessary information effectively.

Security Operations Center (SOC):

In the realm of cybersecurity, the Security Operations Center (SOC) plays a crucial role as the central nerve center for monitoring and responding to security incidents. It is imperative that the SOC be considered the customer of the internal security teams, and that the activities of those teams are defined and executed based on the visibility and insights provided by the SOC. By doing so, organizations can ensure a coordinated and effective response to security incidents, reducing the risk of data breaches and minimizing the impact of security incidents.

Also Read | Cybersecurity: Why is it important for OEMs?

Below are the key factors that define the success of a Security Operations Center (SOC):

Platform: The success of a SOC largely depends on the platform it uses. Today, most platforms are mature and integrate well with all types of technologies. However, it is essential to choose a platform that meets your organization’s specific requirements and can be customized to fit your needs.

Automation: The platform used by the SOC should have automation capabilities to reduce the overall impact on your teams. Automation can help reduce response times, streamline workflows, and allow analysts to focus on higher-level tasks.

Onboarding: It is crucial to onboard all your devices into the SOC. This gives you the right information and ability to correlate the data across the environment. Onboarding also enables the SOC to identify potential security risks, ensure compliance, and provide a unified view of your security posture.

Analysts: The SOC needs analysts who can provide relevant information that is useful and actionable. Analysts should be able to quickly identify potential security incidents, analyze them, and provide appropriate responses to mitigate the risk.

Threat intelligence: The SOC should be equipped with the latest threat intelligence to identify and mitigate security risks. Threat intelligence provides insights into potential threats and helps the SOC to identify new attack vectors and vulnerabilities.

Partnership: The SOC should work closely with internal teams, external partners, and vendors to ensure a comprehensive security posture. A strong partnership between the SOC and its partners is essential to ensure that all parties are working towards a common goal of protecting the organization’s assets and data.

(The author is head of Airtel Security Practice and Internet and IT portfolio. Views expressed are personal.)

By Amit Chaudhary

Cybersecurity can often be perceived as complex, and it can be challenging for security leaders to communicate its importance to non-security professionals. One effective way to simplify security for such professionals is through the use of analogies. We all take risk-based decisions every day, and we all think about security every day. For instance, you think did you lock your door and windows at night? Should you travel to a particular place due to the geopolitical conditions in that area? Have you worn a seat belt before driving the car? Did you proactively perform a check of the elevator in your apartment complex? There is tremendous symmetry between the physical and cyber world. Almost every security decision and risk that we think about in the physical world can be directly mapped to the cyber world. A good cybersecurity framework, such as ISO or NIST, CSF, can help ensure that we are doing everything that we should be. NIST CSF is particularly easy to understand and quantify the overall security posture.

An analogy that can be used to tie the cyber and physical world together is to think of yourself as a diamond merchant in a bad neighborhood. First, you must identify the risk, such as understanding the assets risk environment, the threat actors in the environment, and the industry risks. Then, you need to protect against the identified risks by implementing proactive controls, such as firewalls, endpoint security tools, WAF, and identity solutions. Next, you need to detect breaches using monitoring solutions such as SIEM, logging and correlation, and EDR solutions. You should also be prepared to respond when a breach occurs using SOAR, containment solutions, and other response measures. Finally, you need to recover, which means having a business continuity and disaster recovery plan, high availability, and cyber insurance.

Also Read | ‘Cybersecurity is not high enough on the agenda of boardrooms’

Ultimately, it is the responsibility of CISOs, CIOs, and other security leaders to help their teams and leadership understand why cybersecurity is critical. They should transparently set the context and communicate using objective data. It is also essential to remember that every company’s and every person’s risk tolerance is different. Therefore, talking to as many leaders in the company and Board of Directors will help to understand what is an acceptable risk to them. It is then up to the security leaders to shape the security program and communicate the necessary information effectively.

Security Operations Center (SOC):

In the realm of cybersecurity, the Security Operations Center (SOC) plays a crucial role as the central nerve center for monitoring and responding to security incidents. It is imperative that the SOC be considered the customer of the internal security teams, and that the activities of those teams are defined and executed based on the visibility and insights provided by the SOC. By doing so, organizations can ensure a coordinated and effective response to security incidents, reducing the risk of data breaches and minimizing the impact of security incidents.

Also Read | Cybersecurity: Why is it important for OEMs?

Below are the key factors that define the success of a Security Operations Center (SOC):

Platform: The success of a SOC largely depends on the platform it uses. Today, most platforms are mature and integrate well with all types of technologies. However, it is essential to choose a platform that meets your organization’s specific requirements and can be customized to fit your needs.

Automation: The platform used by the SOC should have automation capabilities to reduce the overall impact on your teams. Automation can help reduce response times, streamline workflows, and allow analysts to focus on higher-level tasks.

Onboarding: It is crucial to onboard all your devices into the SOC. This gives you the right information and ability to correlate the data across the environment. Onboarding also enables the SOC to identify potential security risks, ensure compliance, and provide a unified view of your security posture.

Analysts: The SOC needs analysts who can provide relevant information that is useful and actionable. Analysts should be able to quickly identify potential security incidents, analyze them, and provide appropriate responses to mitigate the risk.

Threat intelligence: The SOC should be equipped with the latest threat intelligence to identify and mitigate security risks. Threat intelligence provides insights into potential threats and helps the SOC to identify new attack vectors and vulnerabilities.

Partnership: The SOC should work closely with internal teams, external partners, and vendors to ensure a comprehensive security posture. A strong partnership between the SOC and its partners is essential to ensure that all parties are working towards a common goal of protecting the organization’s assets and data.

(The author is head of Airtel Security Practice and Internet and IT portfolio. Views expressed are personal.)