Technology in 2020: How to determine the strength of your Security Posture
Let’s discuss your organization’s technology in 2020. The SMBHD Maturity Assessment Tool exists to help companies understand the current state of their security posture. It provides visibility into critical components that make up a mature security posture, and where your organization can make improvements. The results will help to get the conversation started. We can help stabilize your overall infrastructure, ensure your team is educated and compliant, and keep your data protected.
There are seven areas where a security maturity posture needs to be measured for technology in 2020 …
Governance, Compliance, and Assurance
Security Technology in 2020
Threat & Vulnerability Management
Keep in mind:
A detailed assessment will be performed by the SMBHD team to ensure a thorough investigation, so that we can find opportunities to build your organization’s security maturity. The following are questions from our Maturity Assessment that you can ask yourself in order to better understand where your organization stands now. If you take the maturity assessment, we can tell you what can be done to improve going forward. As you respond to each question within the tool, a graphic will display in real time an estimated visualization of the areas of security that need attention. This provides a clear representation of the vulnerabilities currently putting your company at risk.
1: How would you rank the state of your current environment regarding security?
Current environment means the technological environment at your place of business. It includes everything from phone systems and computers to mobile devices, servers, and so on.
2: How would you rank Incident Management at your organization?
Incident Management is an IT term used to describe returning service to normal after an incident (such as a disaster or a breach), in a way that results in little or no downtime or impact on business operations.
3: How would you rank Risk Management at your organization?
Risk Management is an IT term used to describe the application of risk management methods to your technological environment. Specifically, it’s about the risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an organization.
4: How would you rank Governance, Compliance, and Assurance at your organization?
Governance, Compliance, and Assurance encompasses an organization’s strategy on broad issues of corporate governance, and compliance regarding regulatory requirements. It’s also about managing risks related to the use, processing, storage, and transmission of data, and the systems and processes used for those purposes.
5: How would you rank Security Organization at your organization?
Security Organization is the extent to which an organization creates policies and procedures for the organization’s Security Technology, which includes material assets that warrant safeguards, such as IT information, software, hardware, data centers, etc.
6: How would you rank Security Technology at your organization?
Security Technology is a term that encompasses technological material assets that warrant security safeguards, such as IT information, software, hardware, data centers, etc.
7: How would you rank Third Party Risk Management at your organization?
Third Party Risk Management is about analyzing and controlling risks presented to your company, your data, your operations, and your finances, due to third party involvement. This can include business partners, contractors, or anybody outside of your organization.
8: How would you rank Threat and Vulnerability Management at your organization?
Threat and Vulnerability Management is the extent to which an organization identifies IT vulnerabilities, evaluates the risk involved with those vulnerabilities, and defines the process of remediation thereafter.
9: Do you have a ticketing system to track events at your organization?
An event is an IT term for identifiable occurrences that have significance for system hardware or software. These can be user-generated actions, or system-generated actions.
10: Is your business proactive for IT related issues?
Being proactive, in the IT context, is an approach that focuses on eliminating problems before they have a chance to appear, rather than responding to problems as they arise.
11: You have visibility for risks at your organization.
Visibility in the context of risk encompasses an organization’s insight into their own risk (including end users), and threats that are relevant to the organization itself. It also encompasses having the ability to filter and focus on what insights matter, in accordance with the organization’s unique risk tolerance.
12: Your organization would be able to recover from a cyber-attack if your data was stolen or encrypted.
Recovery in the IT context has to do with the process of restoring lost data, including data that was accidentally deleted, corrupted, or made inaccessible by cyber criminals.
Governance, Compliance, and Assurance
13: All security infrastructure at your organization is monitored continuously, with an incident response plan, and coordination with law enforcement.
Security infrastructure encompasses a network of security measures designed to protect the organization from a variety of threats to systems and devices on the network. Examples of security infrastructure include an enhanced firewall or security device monitoring.
14: The security program at your organization is formalized, functional, and regularly updated.
15: Does your organization conduct an annual security assessment?
An annual security assessment is performed to identify your existing security posture, and usually includes critical insights, recommendations, and steps for remediation for any exploitable vulnerabilities that are uncovered.
16: There is a complete list of security policies written at your organization.
Security policies exist to address constraints on behavior of employees as well as constraints from outside forces to protect a company’s physical and IT assets.
17: All security infrastructure is in place, but some may be obsolete, not updated, or not monitored.
Security infrastructure encompasses a network of security measures designed to protect the organization from a variety of threats to systems and devices on the network.
18: Do you use third-party managed security services?
Managed security services are network security services (monitoring and management) that have been outsourced to a service provider.
19: Do you audit your third-party vendors?
20: Do you know if your third-party vendors have the proper certifications?
Threat and Vulnerability Management
21: Do you conduct ongoing vulnerability scans?
A vulnerability scan is a program designed to assess computers, systems, networks, and applications for known weaknesses (exploitable vulnerabilities). This helps to provide insight into your organization’s existing security posture.
22: Do you manage your hardware life-cycle and have asset management policies in place?
Hardware life-cycle is a sequence of stages that an organization’s IT assets go through during the span of ownership.
Asset Management Policies address issues regarding the monitoring and maintenance of valuable assets. In the IT context, it’s usually referring to technological hardware.
These questions offer a thorough investigation of your organization’s security maturity to get your technology in 2020 on track. Click here for more information on our security services.