Implementing and utilizing detective controls
As is the nature of IT, the landscape of technologies, threats, and techniques we must identify and protect against is constantly changing; it includes ransomware, DDoS, and infiltration attacks. We need to know what is happening in our estate and implement automated controls that notify us in the event of an attack, as well as actively prevent those threats from being exploited.
To achieve this level of visibility, we need a set of processes and structures around security monitoring and security investigations, and we need to test those processes with the staff members and third parties who are responsible for protecting our estate.
Ultimately, senior management is responsible for allocating the appropriate resources toward an internal Security Operations Center (SOC) or a SOC as a service from a third party, as well as having an incident response team ready to be engaged. Once senior management has recognized the importance of these aspects of information security, the responsibility for implementing and maintaining those controls is likely to be delegated to you, the information security professional, at your organization.
With that responsibility, we need to ensure we take a risk-based strategy, including the following:
- Asset prioritization
- Threat modeling
- A detection budget
- A response budget
Beyond that, we need to set our strategy for the future and define what types of education and improvements should be undertaken to ensure the organization will remain protected, even in the face of constant change.
In terms of the present, one of the most effective measures available to information security professionals for achieving these heightened levels of visibility, and for enabling the SOC and the information security team to be effective in their endeavors, is security monitoring. Let's discuss what may be involved with that next.