In our research and investigations, we often observe sophisticated attack techniques. But typically, even well-funded and highly targeted attacks rely on victims who aren't following some of the basics of security. Implementing best practices alone won't protect you against all adversaries: the practices raise the bar for attackers by some amount, but with enough resources, attackers can find a way in. Following the basics allows you to develop more advanced techniques and approaches to stop more advanced adversaries.
We work with security executives across the industry and understand the many different challenges that they face. Some of the basics, like writing and enforcing policies, maintaining an available and effective operational security infrastructure, protecting company and customer data, or establishing effective relationships, all require different strategies and resources. Security execs balance these responsibilities not only against external attackers, but also against the needs of staff, other executives, and boards of directors. The challenges may be plentiful, but the right plan built on strong fundamentals will protect your organization from cyber attacks.
Based on our conversations with executives and research into the latest threats, Talos is rolling out a series of short, non-technical posts for the executive security community. We'll structure our conversation around the following pillars of information security that should resonate with executives:
- Governance and risk management
- Security architecture
- Asset & vulnerability management
- Endpoint protection
- User management
- Third parties & the supply chain
- Incident response
- Monitoring & audit
- Data protection & recovery
- Secure configuration
- Advanced threat hunting
We'll talk about the problems CISOs are facing today, what a CISO should know about these areas, and the proper ways to respond to those problems. We'll reference applicable Talos research as well as established standards and compliance controls. Whether you're a freshman security executive or seasoned professional, we want to facilitate a conversation on topics that matter to you.
We'll update this blog post with the full catalog of topics as they're published. Released posts in this series so far include: