5 Key considerations of a Cyber Risk Management Program Design.

Hallmarks of an Effective CyberSecurity Program

The challenge for any effective Cybersecurity Program is to implement a comprehensive program that incorporates the control elements below; the controls highlighted in bold are the must-haves for a basic level of protection.

This paper briefly outlines the five hallmarks of an effective CyberSecurity Program.

1. Program Documentation

The Program must be clearly documented. In the eyes of the Regulators, if you do not have documentation, you are not doing anything. Moreover, the program is worthless unless it is correctly enforced and its suitability is regularly checked.

2.    User Security Awareness Program

A well-trained staff can serve as the first line of defense against cyber-attacks. Effective training reduces the likelihood of a successful attack by giving well-intentioned staff the knowledge to avoid becoming inadvertent attack vectors (for example, by unintentionally downloading malware).

3. Application of CyberSecurity

Here is a list of common cyber technology controls that can and should be used, depending on resources and materiality.

  • Anti-malware technology, such as endpoint antivirus

  • Email scanning (cloud and/or on-premises) /Web protection/web proxy services

  • Security information and event management (SIEM)

  • Hardening workstations (removing programs such as Adobe Flash)

  • Firewall ingress and egress rules and/or next generation firewall

  • Weekly and monthly patch management (operating systems and applications)

  • Network and/or host intrusion detection/prevention system

4. Vulnerability/Incident Reporting/Lessons Learned

Planning and preparing for a cybersecurity incident is one of the greatest challenges faced by any organization. When a cybersecurity incident occurs, how it is handled reflects the capability of management to act and respond. Incident reporting must lead to proactive changes, i.e. the deployment of new countermeasures and amendments to procedures; otherwise similar incidents can recur with varying degrees of success.

5. Key Prevention Techniques

Here is a list of common prevention measures needed to prevent in-house breaches.

  • Full disk encryption on mobile and portable endpoints

  • Restriction of local administrative and/or domain administrative rights

  • Basic logging of authenticated user activity (logon/logoff events)

  • Password management and/or password policies

  • User awareness training

  • Advanced logging of authenticated user activity (folder/file-level auditing)

  • Principle of least privilege (using file share and/or NTFS permissions)

  • Snapshot backup/recovery capability

  • Application whitelisting: permitting only approved applications to run on the network.


The average cost of a CyberSecurity breach is believed to be in the region of $3.7 million, but its after-effects can have far more far-reaching consequences for operations and reputation. There has never been a greater need to remediate this risk, especially in New York, with the NYDFS Cybersecurity Regulation deadline having passed on 28 August 2017.

It is now expected that each Firm has a robust CyberSecurity Program based on the fundamental principles of Cybersecurity: People, Process and Technology. The Program should be enterprise-wide, capable of being tested, and exhibit clear and transparent metrics. Furthermore, the Program should evidence clear roles and responsibilities and established plans (breach notification, security awareness, incident response), with continued development, training and education to reinforce policy and controls.

The Program must be clearly documented. Regulators view missing documentation as equivalent to disinterest in the matter. Since CyberSecurity touches so many parts of the organization, a wealth of documentation is needed to support the effectiveness of the program. For best practice, the Cybersecurity Program must cover the five core functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond and Recover. The framework below follows these functions and outlines the main components that make up the Policies and Procedures.

A) Identify: identify internal and external cyber risks, and identify nonpublic information in your network, including who accesses it and how.

Policies and Procedures:

1) Risk Assessment, 2) Data Governance and Classification, 3) Capacity and Performance Planning, 4) System Operations and Availability Concerns

B) Protect: protect using the three lines of defense.

Policies and Procedures:

5) Information Security, 6) Customer Data Privacy, 7) Access Controls and Identity Management, 8) Systems and Application development/Quality Assurance, 9) Vendor and Third-Party Provider Management, 10) Systems and Network Security, 11) Physical Security and Environmental Controls.

C) Detect: detect cybersecurity events.

Policies and Procedures:

12) System and Network Monitoring

D) Respond: respond to identified or detected cybersecurity events to mitigate any negative effects.

Policies and Procedures:

13) Incident Response

E) Recover: recover from cybersecurity events and restore normal operations and services.

Policies and Procedures:

14) Business Continuity and Disaster Recovery Planning and Resources

John Thackeray (risksmartinc)