One Article Review
| Source |  Anomali |
|---|---|
| Identifiant | 7431361 |
| Date de publication | 2022-10-13 10:00:00 (vue: 2022-10-13 10:06:35) |
| Titre | #See Yourself in Cyber: Top Five Ways to Help Improve your Organization\'s Security Posture |
| Texte | Since 2004, the President of the United States has proclaimed October as cybersecurity awareness month, helping individuals better understand cybersecurity threats and protect them from them. Every year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) collaborate to increase cybersecurity awareness among private sector companies and consumers. This Year’s Theme: “#See Yourself in Cyber “This year’s campaign theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future. We encourage each of you to engage in this year’s efforts by creating your own cyber awareness campaigns and sharing this messaging with your peers.” -Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity is Complex See Yourself in Cyber can be interpreted in multiple ways. To me, it’s speaking to those students unsure of what to major in, telling them to see themselves working in the industry. It’s reaching out to other departments within an organization to get them to understand how they impact security. And highlighting how hard a security analyst’s job is. In a recent blog post, I dove deeper into why security is more challenging than ever. And it all comes back to people. People are the heart of any security organization. Security tools are a requirement, but they don’t replace people. According to (ISC) ²’s 2021 Cyber Workforce Report, there is still a cybersecurity workforce gap of more than 2.72 million. Which for some organizations can mean they’re already behind before even starting. Improving Your Security Posture There are many ways an organization can improve its security posture. They can share threat intelligence. They can invest in threat intelligence platforms or XDR solutions that improve their existing investments. For this blog, I’ve narrowed it down to five: 1) Understanding Your Relevant Threat Landscape Understanding the attack surface is key to knowing what assets need protection and how best to protect them. Unfortunately, most organizations struggle because their attack surface keeps changing. Start with an attack surface assessment. Find out how an attacker sees you. Map your assets against their potential vulnerabilities and readiness to prevent or respond to threats. This will help understand how well current tools and investments protect critical assets and what additional measures need to be taken to improve protection. A comprehensive assessment should include the following: • Visibility into all external facing assets to uncover exposed assets • Identify and evaluate the current security programs • Evaluate the effectiveness of information security policies, procedures, and processes • Determine the effect of cybersecurity incidents on KPIs, including availability, integrity, and privacy • Assess the maturity level of current tools and investments |
| Envoyé | Oui |
| Condensat | #see “#see “a “see “this ²’s 2004 2021 able about access according accounts across act action actionable actions actor addition additional address adopting advanced adversaries adversary affect affected after afterward again against agency ahead align aligning all alliance allow allows already alternative among analysis analyst’s analysts anomali another any applications approach apps are areas aspect assess assessment asset assets associated attack attacker attackers attacks attempt automate availability avoiding awareness back backups because become before begins behind being best better between blog board boil both breach breaches break build business but calls campaign campaigns can cause caused center cents ceo challenges challenging chances change changes changing charges chat cirp cisa clear cloud collaborate collaborative collect collection combines comes common communicating communication companies company’s completely complex compliance components: comprehend comprehend: comprehensive compromise computer computing conduct conducting confidential connect connected consequences consider considering consistently consolidated constant consumers contained containment continuous continuously controls corporate correlated cost costly could covers created creates creating criminal critical culture curated current cyber cyber” cyber: cyberattack cyberattacks cybersecurity damage data databases day deal decisions deeper defines demands demonstrates departments deployment detail detailing detect detecting detection determine develop development devices different directly directors disabled disconnected dividends document does don’t done dove down during each easier easily educate educating effect effective effectively effectiveness efficient efficiently efforts eliminate email emergency employee employees employer enables encourage enforcement engage engaged enriched ensure ensuring environment equipped eradication erase error essential evaluate even events ever every everyone existing expand exploits exponentially exposed exposing exposure extended external eye face facing failed fall feel feeling files finally finance find fines finish first five five: focus followed following following: forget forward foster found foundation friction from further future gain gains gap gaps gathering get gives global goes growing guides hack hackers happening happens hard have heart heavily help helping helps highlighting home how human i’ve identify identifying impact improve improved improving incident incidents include includes including increase increased increases increasingly individuals industry inevitable inform information infrastructure inside insight insights instant integrated integrating integrity intel intelligence intelligently intended interface interpreted inventory invest investigations investments isc isn’t issue issues it’s its job just keep keeps key know knowing kpis landscape largest law leaders leading leaves level like live log logged long looking maintain major make makes making malware manage management managing many map marketing markets maturity may maybe mean means measures media meetings messaging methods might million minimize missing misuse mobile monitor monitoring month more most multiple must narrowed national nca need needs network networks new next nist normalized not notification notify now objectives occur october offer often one open operational operations opponents’ options organization organization’s organizations organizations’ other out outcome outside over overall overlooking own part partners parts password passwords path pay peers people performance perimeter personal perspective phishing phone physical plan planning platform platforms points policies possible post posture potential practices prepare president pressure prevent privacy private proactive problem procedures process processes proclaimed products program programs protect protection provide providing public quality quick quickly rangin |
| Tags | Ransomware Malware Hack Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.