There has been a lot of talk about the importance of building a holistic security immune system. That is, an intelligent, integrated way to protect a network using information from many different sources, all of which is ingested by powerful analytics tools to help correlate, prioritize and act on security incidents.

When I put together security transformation programs, I always think of how the team can deliver short-term value with quick wins while also developing strategic, long-term change. To deliver an effective transformation, it is critical to communicate key controls at the board level.

From the top down, it is important to establish strong information security policies and best practices. Standards such as ISO 27001 and the Information Security Forum’s Standard of Good Practice for Information Security provide an excellent basis for a comprehensive set of controls to protect an organization. However, they take some time to define, agree upon and deploy.

Rapid Change Through Frameworks

Most organizations need to do something rapidly to deliver more effective security. For smaller organizations, the cost of comprehensive frameworks is prohibitive. These companies need to take action now.

To understand what security building blocks are needed for hosting systems, a good starting point is the National Institute of Standards and Technology (NIST) Cybersecurity Framework, with 22 categories and 93 subcategories developed for the U.S. government. The Center for Internet Security’s (CIS) Critical Security Controls framework, which was developed from the SANS Institute’s Top 20 Critical Security Controls, provides a simple checklist, made up of 20 categories with 161 subcategories, developed by industry experts from around the world.

Priming Your Security Immune System

With these frameworks, experts have done the hard work of deciding what is a good set of security controls to deploy in the majority of environments. It’s up to you to determine what has already been deployed, what is appropriate for your environment and how the transformation will take place.

Assessing the Gaps

Both NIST and CIS provide their frameworks in spreadsheets that enable you to perform quick gap analyses of your existing controls. Since there may be multiple IT environments, it’s important to assess each one individually to determine how security is implemented and the maturity of the controls in terms of technology, process and people.

Target Environment

Once you understand the current environment, define the target controls environment. The controls you select will depend on the context of the current environment, your business direction and your appetite for risk. It does not mean you need all the controls, but you need to be comfortable that the company has level-appropriate controls in place in the event of a major breach.

A Road Map of Initiatives

Change will not happen overnight, so it’s important to develop a road map with a mix of quick wins and long-term initiatives to deliver sustained change. Each initiative should deliver value in steps to keep all stakeholders engaged in their investment. Balance the initiatives with security controls to protect, detect and respond to threats. When you think about your immune system, ensure there will be effective analytics and orchestration capabilities that can grow with your organization and adapt to emerging cybersecurity threats.

Quick Wins

Organizations often have multiple tools that do the same job, and have a deployment that is incomplete. Rationalizing or completing the deployment can make a huge difference and represent a quick win. In my experience, I have used a systems management infrastructure to collect data for a security process in a matter of months to avoid the cost and time of deploying a new tool that would have taken years to complete.

Deploy a Service, Not a Product

Any security road map needs to deploy a service, not a product, so be sure to include transformation initiatives for processes and organization. How do you ensure that security is in place or determine who is going to respond to an incident at 3 a.m.? Make sure you get the most out of your investment by establishing a minimum effective service before moving on to the next set of technologies.

Adapting to a Volatile Landscape

Transformation will take months or even years, depending on the investment required and the state of the environment. By the time you have completed one project, the threats and business priorities may have changed, so build a program that has regular checkpoints to potentially reset your investment.

The speed of implementation will also depend on the value of the data being processed and the urgency to protect the data from loss of confidentiality, integrity or availability. There is no one-size-fits-all solution, since legal and regulatory frameworks may set a minimum baseline of controls that require rapid transformation to meet industry standards. That’s why you need a security immune system that can keep your network secure in real time and respond to shifts in the threat landscape.
