Monday, September 28, 2015

How Do Information Security Teams Work?

Have you ever wondered, “How do information security teams work?” You may know that they somehow keep your information safe (as far as you know), and they might seem like wizards in doing so. While we like to think that’s true, there is a method to the madness that keeps cyber villains from stealing your social security number, salary information, and health records.
First, let’s make it clear that not ALL parts of the information security team are fighting off cyber criminals for 40 hours (or 80 hours) each week. However, for the team that focuses on defending company information online, there are three major components: Intelligence, Detection, and Response.

To have an information security team that operates effectively, it must have the proper intelligence capabilities to drive its operations. Intelligence is defined as the ability to acquire and apply knowledge and skills. In security, this means being able to collect information on the threats that endanger the organization. A well-structured security team knows its threat landscape so that it isn’t wasting resources defending against threats it doesn’t need to worry about. For example, a company like Google doesn’t need to collect intelligence on ATM skimmers. It doesn’t operate ATMs, so while knowing about ATM skimmers may be useful in your personal life, it doesn’t warrant company resources to defend against.

Once threat intelligence is collected, an information security team needs a method to detect the threat and, in a timely manner, alert the team to an indicator that the threat may be present on the network. Security teams use these automated alerts to investigate whether they are really dealing with a security incident or a false alarm. Investigative procedures may include looking at security logs, talking to network users, or doing a little extra research online. If it’s a false positive, tweaks may be made to the alert, but at the end of the day, it’s not a big deal. However, once an alert is confirmed, it’s time for the team to do the heavy lifting of information security: response.

Incident response is one of the most highly valued skills in information security, but you’ll have to wait until my next blog post to learn more! Follow this blog on Feedly to stay informed and get your security delivered!