April 6, 2016 By Rick M Robinson 3 min read

The days are getting longer, and winter is about to be behind us (at least in the Northern Hemisphere). That means it’s time to throw open the windows, get out the broom and do some spring cleaning.

At the start of the year, you probably winterized your IT security. As you reach for your CISO broom, what should your strategy be for giving your security a good, thorough spring cleaning? Where should you start, what resources should you keep handy and what do you need to be looking for?

What the CISO Can Do This Spring

Happily, you don’t need to work out the art of security spring cleaning all on your own. Experienced IT security housekeepers have been there and done that. CSO Online and Technology First are just two of the resources available to guide you, but they are a great place to start. Here are a few additional tips to get you going.

Plan to Go Room by Room

In your house, you clean from the upstairs down and the inside out. Your overall system architecture provides the floor plan of your spring cleaning strategy. These days, the architecture can be a bit complicated, what with partner relationships, managed services and the cloud. Before you sweep and scrub, know what data and resources are where so you can buff them up efficiently.

Gather and Organize Your Cleaning Supplies

Your cleaning supplies are the policies that provide guidance, and the logs tell you what actually happens in your system day by day. Are your policies up to date? Is your monitoring solution correctly tuned to capture relevant security events? A dusty broom will not sweep clean, so revamp security guidelines as you see fit.

Scrub the Doors and Windows

Endpoint security is no longer the star player, but it is still crucial. Mobility and bring-your-own-device (BYOD) initiatives mean more endpoints that need to be secured, and so does the expansion of cloud and partner services. Don’t leave openings that cybercriminals can sneak in through.

Toss Out the Junk!

Useless old stuff tends to accumulate in the attic and basement. This junk can range from old, inactive user accounts to obsolete software solutions. You may have forgotten all about it, but it can pose hidden vulnerabilities, which is why cybercriminals love that junk. Into the dumpster it goes!

Make and Mend

Thorough cleaning goes hand in hand with basic maintenance. Security professionals regard keeping systems and software correctly patched and updated to be the single best thing they can do to improve security. Make sure you are doing it.

Who Has a House Key?

IT security is not really about computers; it is about people using computers. Who has what access privileges and why? Do your people know how to protect themselves and the network from phishing and other forms of social engineering?

What’s Your Emergency Plan?

Mishaps happen, and you need to be prepared for them. Sooner or later, you will be breached. The prepared and tidy CISO will make sure the organization’s response and recovery plans are in place and ready to go before an incident happens.

Reap the Rewards of Hard Work

None of this is easy. Spring cleaning is — let’s be honest — a chore, and your CISO and IT security team will be spending some quality time on their hands and knees to get those dust bunnies out of the corners. But once you’re done, you’ll be able to go outdoors and enjoy a warm spring day in the park knowing that you’ll be coming home to a clean, fresh, secure IT environment.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today