
SecurityWeek

Management & Strategy

Four Things Every CIO Should Do as Habit

There are some things that the best CIOs and IT managers can’t prevent entirely as they depend on other people. An example of this is the employee who leaves a laptop open in a coffee shop and walks away “just for a few minutes.” There are some things which every CIO has control over, however. When these are overlooked, and a breach occurs, I have to shake my head at how easy it would have been to prevent. Here are four things I wish every CIO would make into a habit.

Centralized Log Monitoring


Centralized log monitoring consists of a log collector, a central server to which all logs are sent and on which they are archived. Each client or server that sends logs to the collector is configured so that it keeps its local logs but also forwards a copy to the central collector. In most instances, this doesn’t even require an agent to be installed on the server. This provides a few key benefits that can make a huge difference in the company’s security.

1. Log monitoring and review becomes efficient. Centralized log collection provides an efficient way to spot network-wide security anomalies, because logs from multiple sources can be reviewed quickly in one place. Some log monitoring suites allow you to write alert criteria for certain events, or for a certain number of events. For instance, with proper alerts set up, a system administrator could quickly be alerted to multiple failed logins on one system, or across multiple systems.

2. Correlation becomes possible. By collecting all your logs in a central location, a security analyst is able to quickly correlate events across multiple systems, either to detect an attack or to reconstruct one. Some log monitoring suites or SIEMs can automatically correlate this data for you based on predefined or custom rules, providing a great deal of insight into your organization’s network.

3. Log integrity is preserved. In the event of a breach or security incident, any attacker worth their salt will at least take a few moments to try to cover their tracks, and the most trivial way of doing so is modifying logs. With centralized log monitoring, logs are forwarded in parallel, so the attacker’s tracks are “immortalized” on the log collector. Without proper log management, this can become a forensic nightmare.
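The first two benefits above (efficient alerting on repeated failed logins, and correlation across systems) are easy to see in code once the logs sit in one place. The following Python script is an added example and not part of the original column; the log line format, hostnames and IP addresses are constructed for illustration and do not correspond to any real collector or product. It scans lines as a collector might receive them from several hosts, raises a per-host alert when one system sees a burst of failed logins, and raises a correlation alert when a single source address fails against several distinct hosts within a short window, something no single host’s local log could reveal on its own.

```python
"""Toy centralized-log alerting over forwarded auth log lines.

Added example for illustration; not the article's code. The line format
below is an assumption: "<ISO timestamp> <host> sshd: <Failed|Accepted>
password for <user> from <ip>". Hostnames and addresses are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of lines as they might arrive at a log collector
# from three different hosts (web01, db01, app02).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 web01 sshd: Failed password for root from 203.0.113.5
2024-03-01T10:00:03 web01 sshd: Failed password for root from 203.0.113.5
2024-03-01T10:00:04 web01 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:05 web01 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:06 web01 sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:20 db01 sshd: Failed password for backup from 203.0.113.5
2024-03-01T10:00:25 db01 sshd: Failed password for backup from 203.0.113.5
2024-03-01T10:00:30 app02 sshd: Failed password for deploy from 203.0.113.5
2024-03-01T10:05:00 app02 sshd: Accepted password for deploy from 198.51.100.9
2024-03-01T11:30:00 web01 sshd: Failed password for alice from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one forwarded line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def parse_logs(text):
    """Parse every matching line; unparseable lines are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def per_host_alerts(events, threshold=5, window=timedelta(minutes=1)):
    """Benefit 1: alert on any host that sees `threshold` or more failed
    logins inside a sliding window of length `window`.
    Returns {host: peak_failed_count_within_window}."""
    times_by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "Failed":
            times_by_host[e["host"]].append(e["ts"])
    alerts = {}
    for host, times in times_by_host.items():
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[host] = peak
    return alerts


def cross_host_alerts(events, min_hosts=3, window=timedelta(minutes=5)):
    """Benefit 2: correlation. Alert when one source IP fails against at
    least `min_hosts` distinct hosts within `window`. Only visible once
    logs from every host are collected centrally.
    Returns {ip: distinct_hosts_hit_within_window}."""
    hits_by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "Failed":
            hits_by_ip[e["ip"]].append((e["ts"], e["host"]))
    alerts = {}
    for ip, hits in hits_by_ip.items():
        start, peak = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, len({h for _, h in hits[start:end + 1]}))
        if peak >= min_hosts:
            alerts[ip] = peak
    return alerts


if __name__ == "__main__":
    events = parse_logs(SAMPLE_LOGS)
    print("per-host bursts:", per_host_alerts(events))
    print("cross-host sources:", cross_host_alerts(events))
```

On the constructed sample, the per-host rule fires for web01 (five failures in six seconds), while db01 and app02 each stay below threshold. The correlation rule fires for 203.0.113.5 because that one address failed against all three hosts within half a minute, which is exactly the pattern that is invisible when each host is reviewed in isolation. Thresholds and windows are deliberately parameters: the right values depend on the environment and on how noisy legitimate failures are.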

Heed Industry-Wide Security Best Practices or Guidelines

Organizations like the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) have developed security baselines for various operating systems. No organization, large or small, is above these standards. Companies should use these as a baseline, or develop their own baselines and adapt them to their unique environments, and the baselines should be reviewed and updated. Unfortunately, security is not static, and neither are attackers’ methods. As new types of attacks and attack vectors are introduced, system security configuration baselines should be modified to take them into account.

Work to Instill Security as A Culture

Security should be a culture. Leaving security in the hands of a few individuals will always fail. As with most other business decisions, security has to be approached with a top-down mentality: without executive and managerial buy-in, a good security program cannot exist. It needs to be part of the company culture and every employee’s responsibility. (More on this in my last column of the year.)

Empower the IT Staff

A trap that companies often fall into is putting their trust in software instead of in the IT staff that deploys and maintains it. This leads to stagnant security programs and management oversight issues. Your IT team is the easiest place to start in reducing errors, because that is their focus and skill set. Empower them to monitor systems and stay on top of updates, and task them with keeping up with new solutions in the evolving area of security technology. Happily provide continual education, including certifications, and consider peer challenges to keep them at the top of their game. Remember, technology can fail too. What will act as backup when that happens? Humans.
