April 6, 2016 By Rick M Robinson

The days are getting longer, and winter is about to be behind us (at least in the Northern Hemisphere). That means it’s time to throw open the windows, get out the broom and do some spring cleaning.

At the start of the year, you probably winterized your IT security. As you reach for your CISO broom, what should your strategy be for giving your security a good, thorough spring cleaning? Where should you start, what resources should you keep handy and what do you need to be looking for?

What the CISO Can Do This Spring

Happily, you don’t need to work out the art of security spring cleaning all on your own. Experienced IT security housekeepers have been there and done that. CSO Online and Technology First are just two of the resources available to guide you, but they are a great place to start. Here are a few additional tips to get you going.

Plan to Go Room by Room

In your house, you clean from the upstairs down and the inside out. Your overall system architecture provides the floor plan of your spring cleaning strategy. These days, the architecture can be a bit complicated, what with partner relationships, managed services and the cloud. Before you sweep and scrub, know what data and resources are where so you can buff them up efficiently.

Gather and Organize Your Cleaning Supplies

Your cleaning supplies are the policies that provide guidance and the logs that tell you what actually happens in your system day by day. Are your policies up to date? Is your monitoring solution correctly tuned to capture relevant security events? A dusty broom will not sweep clean, so revamp security guidelines as you see fit.

Scrub the Doors and Windows

Endpoint security is no longer the star player, but it is still crucial. Mobility and bring-your-own-device (BYOD) initiatives mean more endpoints that need to be secured, and so does the expansion of cloud and partner services. Don’t leave openings that cybercriminals can sneak in through.

Toss Out the Junk!

Useless old stuff tends to accumulate in the attic and basement. This junk can range from old, inactive user accounts to obsolete software solutions. You may have forgotten all about it, but it can pose hidden vulnerabilities, which is why cybercriminals love that junk. Into the dumpster it goes!

Make and Mend

Thorough cleaning goes hand in hand with basic maintenance. Security professionals regard keeping systems and software correctly patched and updated as the single best thing they can do to improve security. Make sure you are doing it.

Who Has a House Key?

IT security is not really about computers; it is about people using computers. Who has what access privileges and why? Do your people know how to protect themselves and the network from phishing and other forms of social engineering?

What’s Your Emergency Plan?

Mishaps happen, and you need to be prepared for them. Sooner or later, you will be breached. The prepared and tidy CISO will make sure the organization’s response and recovery plans are in place and ready to go before an incident happens.

Reap the Rewards of Hard Work

None of this is easy. Spring cleaning is — let’s be honest — a chore, and your CISO and IT security team will be spending some quality time on their hands and knees to get those dust bunnies out of the corners. But once you’re done, you’ll be able to go outdoors and enjoy a warm spring day in the park knowing that you’ll be coming home to a clean, fresh, secure IT environment.
