Opinion

Security Think Tank: Automation requires management, monitoring, governance

There are many tools that professionals can use to automate information security processes. These tools and processes include antivirus, firewalls, security/network event logging, intrusion detection and vulnerability scanners, self-service password systems, identity and access controls, patching and many others. However, all of these require management, monitoring and governance.

Managing these tools/processes is time-consuming and can lead to human error. In spite of many organisations using automated security tools individually, there has been limited success at connecting multiple systems to provide a clearer view of information security across the enterprise.

40199_Security-think-tank.jpg

The benefits of automation include less manual intervention, reduced overheads in managing applications and faster identification of vulnerabilities, threats and incidents. When considering automation, some initial steps include:

  • Obtain senior leadership/stakeholder support and budgets
  • Understand and classify the organisation’s most important information assets
  • Establish a baseline for existing (‘as-is’) controls
  • Identify gaps or deficiencies in the ‘as-is’ state, define desired ‘to-be’ state
  • Develop tactical and strategic plans to address quick wins and a long-term vision
  • Create a prioritised list of controls to be automated.

It is important to note that when considering and applying the above steps, business risk should be at the foundation of each decision.

Common obstacles to automation include the human element, such as lack of awareness and a need for training and behavioural change. There are also challenges to recruiting or developing existing staff with the appropriate skills and technical capability to manage automated systems.

There are a number of information sources available to help organisations – for example, the Information Security Forum (ISF) Standard of Good Practice (which highlights 118 control topics) and SANS 20 Critical Security Controls. These references can be used to baseline existing controls and identify opportunities for automation that can more effectively manage business risks.


Indy Dhami is a principal research analyst with the Information Security Forum (ISF).

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in June 2014

 

COMMENTS powered by Disqus  //  Commenting policy