Our approach to cybersecurity, in many instances, is just like asking our children to clean their room and never checking on their progress. If we want to secure our environments, we must implement responsible cyber practices. Accountable means that at any given point in time I know the viability of the security standards I have implemented. Accountable means that I do not just go through the paper exercise of creating security standards and policies, similar to asking children to clean their room, but I check on the progress to see if the room is clean or, as it applies to cyber, I know whether my standards are working.
Understanding security threats through the log aggregators or other automation found within our environments today is a lot like getting punched in the face and knowing that I will put up my guard the next time my opponent swings. Log aggregators and SIEM solutions are a significant first step, although they are very dependent upon manual labor. The information and declarations these products produce rely on algorithms, predictive analysis, and assumptions. Although these are fine approaches, there is a more natural and simplified way.
My preference is to always lean upon known variables to declare or define threats within the environment. The two known, static variables within our environment are the event logs and the cybersecurity standards we have developed. Manufacturers and OEMs produce event logs with thousands of potential events related to the hardware and software commonly found in our environments, which makes them a known variable. The security standards that we establish, which incidentally provide us comfort that we are doing all that we can to be secure, are relatively static as well. Think about it: we develop the standards and, in most environments, live with those standards for years. Granted, the events differ based upon real-time occurrences within the environment, although we can track those occurrences based upon known and repeatable event codes. We may adjust our cyber standards and policies over the course of time, although the core standard stays relatively consistent for many years.
If you are truly seeking accountability in the cyber posture of your organization, you must align the known event variable with the known security standard. In other words, you must have accountability for the cyber standards that you have deployed; you must check to make sure the room is clean. BAP virtual appliance is a unique software solution that continually monitors your environment, aligning real-time events to your security standards. Are you seeking accountability for your cyber strategy? Check out BAPSolution.com.