Maksim Kabakou - Fotolia
The designing, creating, deploying and managing of an organisation’s data architecture and information security are two strictly intertwined aspects of an organisation’s security efforts.
Vulnerability management is a continuous task. Discovery of vulnerabilities for newly deployed systems or detection of vulnerabilities previously unknown to the industry results in the requirement for constant vigilance and validation.
Given that systems change more frequently than ever as a result of contemporary development techniques and cloud deployments, cyber security needs to keep pace with such change. Technical change can result in risk being introduced – and frequent change needs to be managed to maintain a robust posture.
The discovery, risk management and treatment of vulnerabilities is a core aspect of cyber security. Once a vulnerability is discovered, it needs to be managed via either mitigation or risk acceptance.
Data architects can assist with this endless cycle of change and risk by integrating system metadata with the information security function.
A key aspect of cyber security is visibility. If data or metadata changes over time relating to systems under cyber security management, the need for visibility becomes even more essential.
Data architects can assist with developing solutions to support cyber and enable the detection of potential vulnerabilities in several ways.
Read more from Computer Weekly’s Security Think Tank about how infosec pros and data architects could work together to support the business and protect data
- CIA at heart of infosec-data architect partnership.
- Interdisciplinary ties are key to security integration.
- Dialogue between data architects and security leads is essential.
- Security is a business, not an IT function.
- Communication, processes and tech: A new beginning for security.
- Balancing data accessibility with security controls.
1. Modelling a data architecture which is accessible by cyber security solutions and teams in terms of integration into a toolchain to assist with situational awareness.
Having integration and alerting of events can assist cyber security teams with understanding what’s happening in real-time. Information on what’s deployed and what’s in flux can assist with monitoring changes in the potential attack surface.
3. Integration and correlation between vulnerability data and component enumeration. This can be very effective in helping to understand how individual systems are “built” (their composition) and to detect which systems require assessment based on the components each system hosts. If a system is deployed with certain components and subsequently a vulnerability is discovered pertaining to the identified components, awareness and intelligence relating to this discovery can be invaluable.
3. Modelling data relating to newly deployed or changed systems can be used to enable cyber security teams to focus on what matters as an organisation’s systems evolve over time.
The ability to draw on such data, which can be used to react quickly, is very effective in relation to situational awareness. Data in relation to new system deployments and decommissioned systems also informs cyber security functions regarding their organisation’s exposure to potential risk.
4. Integration between technical deployment metadata and cyber security monitoring and assessment helps security teams understand how the organisation’s profile is moving and what to be aware of. Data architecture can assist greatly with this correlation.
Data architecture, if designed to be accessible by cyber security systems, can provide additional vulnerability intelligence and awareness, sharpen focus and enable responses in a prioritised way.