What is your 2020 cybersecurity posture?

WWhat does it mean to understand or improve your Cybersecurity posture?

The NIST definition of cybersecurity posture is “the security status of an enterprise’s networks, information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.” It’s the overall IT security system and the practices defined to secure the company.

Axis uses a cybersecurity framework (CSF) to help improve the overall security posture of our clients. Our CSF includes 5 basic elements.

  1. Identify
    1. Definition:
      1. Develop an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities
    2. Next steps:
      1. Establish a risk baseline
      2. Define and inventory entire attack surface
      3. Make your vulnerabilities visible
      4. Understand compliance metrics
      5. Develop/improve security plan
      6. Set up infrastructure controls
    3. Axis solutions:
      1. Axis security vulnerability scan
      2. Internal and external scans
      3. Axis security audit and consult
      4. Axis CISO (chief information security officer)
  2.  Protect
    1.  Definition:
      1. Safeguard critical infrastructure services to limit the impact of a potential cybersecurity event
    2.  Next steps:
      1. Introduce infrastructure security appliance
      2. Install antivirus and conduct policy consult
      3. Set up cloud services protection
      4. Build a user awareness program
      5. Assess and patch vulnerabilities
      6. Establish web security
      7. Institute multi-factor authentication (password policy audit)
      8. Employ maintenance and internal auditing
    3.  Axis solutions:
      1. Axis firewall install and policy audit
      2. Axis antivirus install and policy audit
      3. Azure security center
      4. Axis user sensitivity training
      5. Axis MSP or WSUS management
      6. Axis web filtration solutions
      7. Axis SSO solutions
      8. Customize Axis maintenance strategies
  3.  Detect
    1.  Definition:
      1. Define activities to identify the occurrence of cybersecurity events
    2.  Next steps:
      1. Monitor infrastructure
      2. Use third-party audits on a regular basis
      3. Employ AV systems with advanced heuristics
    3.  Axis solutions:
      1. Axis 24/7 managed SOC (security operations center)
      2. Axis scanning tools–help fix prior to audits
      3. Sophos InterceptX with EDT–incidence response and machine-learning technology
  4.  Respond
    1.  Definition:
      1. Define actions regarding a detected incident and the ability to contain the impact of a cybersecurity incident
    2.  Next steps:
      1. Establish an incident response plan
      2. Define who is responsible for each part of the plan
      3. Determine what needs to happen for data breaches, denial of service attacks and ransomware attacks
    3.  Axis solutions:
      1. Axis consulting services
  5.  Recover
    1. Definition:
      1. Define actions for DR (disaster recovery) and how to restore capabilities and services to normal operations that were impaired due to a cybersecurity incident
    2. Next steps:
      1. Establish a backup and retention plan
      2. Institute a disaster recovery plan
    3.  Axis solutions:
      1. Backup solutions–on-premise and cloud DR
      2. Axis DR solutions–with real-time replication

Axis can help our clients with any or all of these 5 elements, but our security team always stresses the importance of the first step is in the process. IDENTIFYING the cybersecurity inventory will establish the attack surface of your infrastructure, and this will be the foundation for strategic planning.

If you want 2020 to be the year when you fully understand your organization’s overall security posture, Axis is here to get you started. We provide clients with an affordable assessment and inventory audit that identifies the challenges to your security infrastructure and where potential risk resides. With this foundation, we can help your team develop a strategy to prioritize your most important security challenges using the CSF framework.

Our 3-step strategy allows us to come up with the best solution for your organization.

Step 1: Interview

Discover your security posture. What are your company’s specific challenges with infrastructure security?

Step 2: Perform Scan

Take inventory of your entire infrastructure to find out where potential risk resides.

Step 3: Axis Solutions

Our solutions are not vendor specific because there are different ways to implement a solid cybersecurity framework.

Start 2020 with a plan. Click here to get your security assessment scheduled today!