Teaching Cyber Blog




How to protect your CISO from cyber security threats?

Security awareness for managers, leaders within cyber security.

Protecting the Chief Information Security Officer (CISO) from cyber threats. CISOs are responsible for an organisation's overall security. There are several controls that can be used to help protect this role:

Cybersecurity Awareness: the CISO should receive specific, regular training and education on the latest cyber security threats and on security best practices. A CISO will typically have been exposed to several security disciplines and be experienced in cyber security, so the recommended training focuses on social engineering: how specific people in an organisation are targeted, how to spot the signs of social engineering, and the techniques that prevent it.

Strong Authentication: the CISO must use strong authentication practices for all systems and services: always use unique and complex passwords, always use approved multi-factor authentication (MFA), and always use a secure password manager to generate and store passwords.

Use Secure Corporate Devices: only allow the use of corporate devices running fully supported software, including security software (anti-virus and anti-malware), and prevent any non-standard or self-installed software. As a fully managed device, this must include regular patching of both software and hardware. Only allow connection to known secure networks, through virtual private networks (VPNs).

Apply Least Privilege: all of the CISO's accounts and systems should have least privilege applied. There are very few occasions where administrator access is needed; this includes read-only admin permissions, which should also be removed. Regularly review and monitor privileges to detect excessive privilege.

Continuous Monitoring and Detection: monitoring tools and detection systems should be able to identify and respond to potential threats in near real time. Enable logging and monitoring on the systems used by important roles, including the CISO, to track suspicious activity.

Encryption: all data should be encrypted, including network and internet traffic as well as the local storage device, so that in the event of theft the data remains encrypted while the device is powered off.

Incident Response: there should be documented procedures specific to cyber threats targeting the CISO role. These procedures should follow the organisation's incident response protocols.

Security Assessments: regular security testing should be performed, particularly vulnerability assessments that look for vulnerable software used by the CISO, with known vulnerabilities patched when found.

Data Management: encourage the CISO to store data remotely, where retention periods can be better controlled, rather than locally. Over the long term, data stored on local devices becomes a gold mine if the corporate device is compromised.

Operational Security: anyone in a security role should avoid discussing sensitive information in public spaces, whether verbally or electronically. This includes locations such as coffee shops, hotel lobbies, restaurants, conferences and semi-private sales pitches. Any information can be useful to an attacker, even acknowledging which security vendors the CISO has chosen.

Any controls you think should be included? Let me know.

