There is always a new shiny object to chase in cybersecurity: zero trust, AI, passwordless authentication, quantum computing. These are just some of the latest hot topics, and organizations are feeling pressure to adopt them to stay ahead of current threats.
While these new technologies are certainly relevant, they may not be as important as getting the “cyber basics” right. Buying new cutting-edge tools or planning a whole new architecture won’t replace excelling at those foundational, structural underpinnings that build a successful security program. One example of these fundamental considerations is the area of “exceptions.”
It is simply a given in any enterprise that there will be exceptions to cybersecurity policies and procedures. These range from patching exceptions to multifactor authentication (MFA) exceptions to access and firewall exceptions. How an organization processes and tracks exception requests, and evaluates risks associated with exceptions, can have a major impact on how easy or difficult it is for the organization to monitor, detect, and respond to cyberattacks.
Are Cybersecurity Exceptions Justified?
Attackers will leverage exceptions because they provide an easier path into an organization’s environment. For example, I supported a military contract and the command was rolling out application allowlisting. The aides to senior officers requested exceptions for those seniors because they were concerned that the technology might “interfere” with the senior officers’ work. However, the senior officers were the exact group needing additional security protection.
We were able to meet and explain to the aides how the tech would better protect these VIPs, and we would coordinate with their offices to quickly resolve any issues with the technology. Despite some misgivings, the VIPs ultimately were better protected and the exception requests were dropped. All it took was sitting down and discussing the users’ worries and patiently explaining how to ease those worries.
Exceptions ultimately indicate how good your security could be — if there were fewer exceptions (or none at all). Here are some things to keep in mind:
- Ensure you have a clear and concise process for requesting and approving exceptions. (Hint: Convenience is not a good basis for granting exceptions!) That process should align with other security policies, such as the organization’s acceptable use policy.
- The process should include a risk assessment to determine the impact of the exception.
- Track all exceptions to ensure they are not being abused.
- If you have too many exception requests, you may need to modify your policy so that employees can get their work done securely.
- Exceptions should expire. If necessary, they can be reviewed to see if they are still valid.
If you’re falling short on cybersecurity fundamentals, such as an exception process, you’re going to be facing security issues regardless of how much time and money you invest in new technologies. Automation and other solutions can help, but they don’t erase every problem, including those that require new human behaviors and processes. Just like Achilles from Greek mythology, it’s easy to forget a weak spot if you’ve lived with it for a long time. And just like Achilles, such forgetfulness can have severe consequences.
Source: https://www.darkreading.com/google-cloud-security/what-are-your-exception-expectations