Who assesses your security configuration management practices?

A follow-up to "Security Misconfiguration is the #5 risk in 2017".

Are assessments an internal process? Do you rely on auditors (often an adversarial experience for staff)? Do you rely on pentests and vulnerability scans (often limited in scope)? Or do you wait for the post-mortem after an event occurs?

If these options seem lacking, perhaps it's time to consider adding a third-party assessment to your security program. A few of the benefits include:

  • reduced burden on Security Operations team.
  • fresh perspectives and insights.
  • assistance preparing for Audits.
  • determination of whether the scope of pentests and vulnerability scans is appropriate and adequate.
  • evaluation of Security Configuration Management practices, with coaching (or assistance) in establishing configuration management if needed.
  • an SOW that's right for you and the current needs of your organization, not driven by the agenda of an auditor or a product vendor.

Even if your organization is not bound by regulations requiring specific security measures or audits, you may want to be proactive about your organization’s security health for more fundamental reasons.

Good security practices have numerous benefits:

  • fewer work errors and better quality control.
  • fewer occasions of unplanned downtime.
  • better confidence in ability to handle exceptions quickly and efficiently.
  • better understanding of business relationships, dependencies, and trust decisions.
  • better understanding of roles and responsibilities.
  • better cost controls of the products and services purchased by your organization.

As you can see, good security practices can achieve much more than audit compliance.

Is your security program achieving its potential?
