COVER STORY
agreements which enabled contractors to deliver systems with little or no security controls in place. This was a huge problem at the beginning of my career so it was a good area to focus on – making sure that security controls (policies, processes, people, technology) are implemented as part of the system development life cycle (SDLC). To this day, I am still helping organisations implement security controls as they embrace the new SDLC process of Rugged DevOps or DevSecOps as part of a cloud-first initiative.
How can organisations implement a risk assessment strategy and how do they prioritise the risks?
Risk can be calculated by impact and needs to be done on a continual basis because the organisation’s risk posture changes from second to second, especially during zero-day exploit attacks. The first key aspect is Continuous Monitoring – how do you automate the integration of all your logs and use Bayesian statistics to develop risk scores. A human can’t ingest and process the volume, velocity, variety, veracity and value of all the data. So, you need to build Artificial Intelligence algorithms on top of your Big Data lake where you’re collecting all of your logs. From there, you can understand and pick up on anomalies and correlate events on a real-time response basis. If you’re not examining the log traffic and if you’re not looking for the communication channels, you’re not going to be able to detect it quickly enough, so it has to be automated rather than done by a human.

The second aspect is understanding where your data assets are, what the impact is and who is accessing it, as well as what the behavioural pattern looks like. Mature insider threat detection programs integrate all different types of data sources from the data lake including physical security controls like badge readers, Bluetooth mobility pings, video feeds and environmental controls. Internet of Things (IoT) devices and networks provide the capability to automate sensor feeds and collect data that is ancillary to logging in IT system controls. Correlating the physical presence data with the IT security controls improves the threat detection confidence and risk posture. These are the same principles being applied in contact tracing of COVID-19 patients to mitigate the risk of spreading the virus.

To summarise, build a Big Data analytic engine that correlates a lot of data and understands the informational assets and the impact on the business to predict the risk posture of the organisation.
In light of the current working environment, how are you helping companies to address security challenges?
In light of the COVID-19 pandemic, I have been helping organisations mature their remote teleworker service offering which is part of their business continuity plan. A lot of companies had not tested their business continuity plans and were on the fence in terms of how to expand their remote telework offering. I help them pivot and respond to the demand by implementing scalable solutions securely. Some helpful guidelines include the NIST SP 800-46 Rev. 2 document which walks you through the security controls for remote teleworking – how do you secure the endpoint, do you allow them to have their own endpoint,
52 Issue 25 | www.intelligentciso.com