Who assesses your security configuration management practices?
In follow-up to "Security Misconfiguration is the #5 risk in 2017."
Are assessments an internal process? Do you rely on auditors (often an adversarial experience for staff)? Do you rely on Pentests and vulnerability scans (often limited in scope)? Or wait for the post-mortem after an event occurs?
If these options seem lacking, perhaps it's time to consider adding a 3rd party assessment to your security program. A few of the benefits include:
- reduced burden on Security Operations team.
- fresh perspectives and insights.
- assistance preparing for Audits.
- determination of whether the scope of Pentests and Vulnerability Scans is appropriate and adequate.
- evaluation of Security Configuration Management practices. If needed, can provide coaching (or assistance) in establishing configuration management.
- an SOW that's right for you and the current needs of your organization, not driven by the agenda of an auditor or a product vendor.
Even if your organization is not bound by regulations requiring specific security measures or audits, you may want to be proactive about your organization’s security health for more fundamental reasons.
Good security practices have numerous benefits:
- fewer work errors and better quality control.
- fewer occasions of unplanned downtime.
- better confidence in ability to handle exceptions quickly and efficiently.
- better understanding of business relationships, dependencies, and trust decisions.
- better understanding of roles and responsibilities.
- better cost controls of the products and services purchased by your organization.
As you can see, good security practices can achieve much more than audit compliance.
Is your security program achieving its potential?