Your CISO Guide to Spring Cleaning

April 6, 2016
| |
3 min read

The days are getting longer, and winter is about to be behind us (at least in the Northern Hemisphere). That means it’s time to throw open the windows, get out the broom and do some spring cleaning.

At the start of the year, you probably winterized your IT security. As you reach for your CISO broom, what should your strategy be for giving your security a good, thorough spring cleaning? Where should you start, what resources should you keep handy and what do you need to be looking for?

What the CISO Can Do This Spring

Happily, you don’t need to work out the art of security spring cleaning all on your own. Experienced IT security housekeepers have been there and done that. CSO Online and Technology First are just two of the resources available to guide you, but they are a great place to start. Here are a few additional tips to get you going.

Plan to Go Room by Room

In your house, you clean from the upstairs down and the inside out. Your overall system architecture provides the floor plan of your spring cleaning strategy. These days, the architecture can be a bit complicated, what with partner relationships, managed services and the cloud. Before you sweep and scrub, know what data and resources are where so you can buff them up efficiently.

Gather and Organize Your Cleaning Supplies

Your cleaning supplies are the policies that provide guidance, and the logs tell you what actually happens in your system day by day. Are your policies up to date? Is your monitoring solution correctly tuned to capture relevant security events? A dusty broom will not sweep clean, so revamp security guidelines as you see fit.

Scrub the Doors and Windows

Endpoint security is no longer the star player, but it is still crucial. Mobility and bring-your-own-device (BYOD) initiatives mean more endpoints that need to be secured, and so does the expansion of cloud and partner services. Don’t leave openings that cybercriminals can sneak in through.

Toss Out the Junk!

Useless old stuff tends to accumulate in the attic and basement. This junk can range from old, inactive user accounts to obsolete software solutions. You may have forgotten all about it, but it can pose hidden vulnerabilities, which is why cybercriminals love that junk. Into the dumpster it goes!

Make and Mend

Thorough cleaning goes hand in hand with basic maintenance. Security professionals regard keeping systems and software correctly patched and updated to be the single best thing they can do to improve security. Make sure you are doing it.

Who Has a House Key?

IT security is not really about computers; it is about people using computers. Who has what access privileges and why? Do your people know how to protect themselves and the network from phishing and other forms of social engineering?

What’s Your Emergency Plan?

Mishaps happen, and you need to be prepared for them. Sooner or later, you will be breached. The prepared and tidy CISO will make sure the organization’s response and recovery plans are in place and ready to go before an incident happens.

Reap the Rewards of Hard Work

None of this is easy. Spring cleaning is — let’s be honest — a chore, and your CISO and IT security team will be spending some quality time on their hands and knees to get those dust bunnies out of the corners. But once you’re done, you’ll be able to go outdoors and enjoy a warm spring day in the park knowing that you’ll be coming home to a clean, fresh, secure IT environment.

Rick M Robinson

Rick Robinson is a writer and blogger, with a current 'day job' focus on the tech industry and a particular interest in the interplay of tech-driven factors ...
read more