By Chris Hill
Like any structure, your information security is only as strong as the foundation it rests on.
Do you know how strong your security foundation is? For example, do you know:
- Whether a remote attacker could penetrate your organization’s defenses?
- Whether security misconfiguration poses a significant risk?
- The level of risk to your organization due to software vulnerabilities?
You probably don’t know the answers to those questions. Most IT organizations don’t, because they’re focused on the daily demands from users, such as “I need my password changed,” “I can’t print,” or “I need access to a certain resource.” IT staff by nature are trained to solve problems in complex environments, and with the lack of staff, certain areas tend to stay on the back burner.
Such as assessing the state of your security foundation.
There are three specific security areas which, if controls are weak or missing, could allow the type of cyber event that can leave your IT systems inoperable within minutes. Those three are:
- Active Directory
Each of these areas is commonly addressed by separate teams or individuals who either don’t coordinate efforts or are so busy dealing with daily operational issues that they lack time to take care of many critical controls.
The Firewall team, for example, opens ports and adds rules to get connectivity issues resolved. Completing daily tasks is often so overwhelming that looking at all rule sets to understand the overall performance impact of changes never gets done.
The Identity team often just continues to add users and groups to provide the business staff needed resources. And vulnerability management is a never-ending battle that changes daily with the addition of new hardware and software.
Now that you know why you don’t know how strong your security foundation is, you need to find a way to actually determine that strength. There are two things you can do: Hire more staff or bring in an outside team to help.
Since you probably don’t have the budget to hire a bunch of full-time security professionals, bringing in an outside team, such as the LRS IT Solutions Security team, is probably your best choice.
Our team conducts an assessment of your firewalls, Active Directory, and internal and external vulnerabilities. Then we deliver a Corrective Action Plan listing the specific steps to take to strengthen your foundation.
We can meet with you to explain the value of a Foundation Analysis conducted by our team. Just fill out the form below to request a consultation.
About the author
Chris Hill serves as our Security Practice Leader. Chris has more than 24 years of business and professional experience in IT and holds a Bachelor of Science degree in Electrical and Electronics Engineering. Formerly the State of Illinois Chief Information Security Officer, Chris is currently pursuing his accreditation as a Certified Information Systems Security Manager.