The Basics Of Security Management

Security management for today’s businesses and corporations is complex. A company’s Chief Security Officer (CSO) is charged with identifying the organization’s assets then overseeing the documentation, development and implementation of any necessary policies/procedures for the protection of those assets. The CSO’s responsibilities may be divided into four basic categories: Information Security and Audits, Security Basics, Physical Security and Business Continuity, and Security Leadership.

Information Security and Audits

Penetration Tests: CSOs who work effectively use the penetration tests that audit requirements and regulations oblige them to perform to gather the most useful data possible. A penetration test is designed to identify and exploit the company's vulnerabilities. Follow the data to develop a profile of the potential attackers. Consider all the potential attack vectors, then define the rules of engagement and choose the attack team. After the engagement, report the findings to measure progress, then develop and implement any changes needed.

Log Management: The CSO is responsible for log management, which involves defining what information the company decides to log, how to log it, and how long to keep it. In practice this calls for Business Intelligence (BI) systems, because many BI functions (such as data extraction and warehousing) are the same ones log management needs. In a BI system the data is available to the whole organization rather than stored in a silo. Operations staff can analyze trends over longer periods than before, improving the business's overall security. SIEM (Security Information and Event Management) systems take log collection to the next level through aggregation, correlation, alerts and reports.
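The four SIEM functions named above (retention policy, aggregation, correlation, alerting) in one small pipeline. This is an added example, not code from the original article; the sshd-style log lines, hostnames and addresses are constructed, and the correlation rule (several failed logins from one source followed by a success) is one illustrative rule, not a vendor's.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines (syslog-like); not from any real system.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 web01 sshd: Failed password for root from 203.0.113.9",
    "2024-03-01T10:00:04 web01 sshd: Failed password for root from 203.0.113.9",
    "2024-03-01T10:00:07 web01 sshd: Failed password for admin from 203.0.113.9",
    "2024-03-01T10:00:09 db01 sshd: Failed password for root from 203.0.113.9",
    "2024-03-01T10:00:30 web01 sshd: Accepted password for root from 203.0.113.9",
    "2024-03-01T10:05:00 web01 sshd: Failed password for bob from 198.51.100.7",
    "2023-12-01T08:00:00 web01 sshd: Failed password for root from 198.51.100.7",
]

def parse(line):
    """Normalize one raw line into the fields we decided to keep."""
    ts, host, _prog, msg = line.split(" ", 3)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "src": msg.rsplit(" ", 1)[1],
            "outcome": "success" if msg.startswith("Accepted") else "failure"}

def apply_retention(events, now, keep_days):
    """Retention policy: drop events older than keep_days."""
    cutoff = now - timedelta(days=keep_days)
    return [e for e in events if e["ts"] >= cutoff]

def aggregate_by_source(events):
    """Aggregation (the report): per-source counts and hosts touched."""
    agg = defaultdict(lambda: {"failure": 0, "success": 0, "hosts": set()})
    for e in events:
        agg[e["src"]][e["outcome"]] += 1
        agg[e["src"]]["hosts"].add(e["host"])
    return dict(agg)

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures from one source inside `window`,
    then a success from that source on any host, raises one alert."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["outcome"] != "success":
                continue
            recent = [f for f in evs[:i]
                      if f["outcome"] == "failure" and e["ts"] - f["ts"] <= window]
            if len(recent) >= threshold:
                alerts.append({"src": src, "failures": len(recent), "at": e["ts"],
                               "hosts": sorted({f["host"] for f in recent})})
    return alerts

def run(lines, now_iso, keep_days=90):
    """Full pipeline: parse -> retention -> aggregate and correlate."""
    now = datetime.fromisoformat(now_iso)
    events = apply_retention([parse(l) for l in lines], now, keep_days)
    return aggregate_by_source(events), correlate(events)
```

Note that the cross-host correlation (web01 and db01 in one alert) is exactly what a per-server log file cannot show and a central aggregator can.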

Vulnerability Management: Vulnerabilities are the gates through which threats enter the enterprise. The more applications a company deploys, the more vulnerabilities it creates for itself. Security management must identify the primary threat vectors within the company. The biggest danger is the ability of a threat to gain a toehold somewhere and then pivot to another part of the system. Vulnerability testing may be conducted with p0f (passive OS detection), Nmap, Nessus or hping. When vulnerabilities are discovered, they must be remediated, or the testing achieves nothing.

Network Security: The keys to information security are to build the network/system correctly in the first place, then know the traffic coming in and out of it. Perform a threat vector analysis, then ensure there is Role-Based Access Control (RBAC). Separation of duties and separation of services are effective when money is handled. Cryptography is highly effective.
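RBAC combined with separation of duties for a money-handling workflow, as described above. This is an added example, not code from the original article; the roles, permissions, user names and the payment workflow are constructed for illustration.

```python
"""RBAC plus separation of duties (SoD) for a payment workflow."""
# Constructed policy: roles map to permissions, users hold roles.
ROLES = {
    "clerk": {"payment:create", "payment:view"},
    "approver": {"payment:approve", "payment:view"},
    "auditor": {"payment:view", "log:read"},
}
# Static SoD: no single user may hold both permissions of any pair.
SOD_CONFLICTS = [("payment:create", "payment:approve")]
USERS = {"alice": {"clerk"}, "bob": {"approver"},
         "carol": {"clerk", "approver"}, "dave": {"auditor"}}
PAYMENTS = {}

def permissions_of(user):
    return set().union(*(ROLES[r] for r in USERS.get(user, ())))

def sod_violations(user):
    """Static SoD check: conflicting pairs this user's roles grant together."""
    perms = permissions_of(user)
    return [pair for pair in SOD_CONFLICTS if set(pair) <= perms]

def authorize(user, permission):
    """RBAC decision; a user holding a toxic role mix is denied outright."""
    if sod_violations(user):
        return False
    return permission in permissions_of(user)

def create_payment(user, pid, amount):
    if not authorize(user, "payment:create") or pid in PAYMENTS:
        return False
    PAYMENTS[pid] = {"amount": amount, "created_by": user, "approved_by": None}
    return True

def approve_payment(user, pid):
    p = PAYMENTS.get(pid)
    if p is None or p["approved_by"] or not authorize(user, "payment:approve"):
        return False
    if p["created_by"] == user:   # dynamic SoD: never approve your own payment
        return False
    p["approved_by"] = user
    return True
```

The static check catches a bad role assignment (carol) at decision time, and the dynamic check in approve_payment is defense in depth should the role policy later change.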

Identity Management: Identity and access management go hand in hand. The identity management system must have a directory of system users' personal data, ways of regulating access, security policies, password resets, lifecycle management and an auditing system.

Physical Security and Business Continuity

Fraud Prevention: The CSO must make the business the least attractive target possible. Strong internal controls are the first step. These must be fluid and evolve over time as the business grows and changes. Technology and societal fraud evolves as well. So do legislation and regulations. Most helpful, though, is educating the entire workforce so that they see themselves as partners in this holistic process. Fraud is far more likely to be discovered through a tip than any other method. Everyone helps protect the bottom line.

Physical Security Information Management (PSIM): PSIM combines IT with BI to synthesize and analyze data from physical sensors, video and logs, turning it into information that can be used to make decisions about security and business practices. The supporting technologies and processes of PSIM make it the foundation of security's next generation. The trends today that make it more affordable and practical are: CEOs are asking for more and more data; new software for aggregating and correlating security data is available; traditional processes are becoming dated; businesses are running more and more critical functions on software; PSIM principles produce improved situational awareness; and technology product costs continue to drop.

Video Surveillance as a Service (VSaaS): Cloud computing meets video surveillance as VSaaS systems are hosted by traditional video management (VME) and camera software companies at much lower costs.

Endpoint Security: The use of wireless networks continues to grow, and cell phones and PDAs are connected to the Internet at all times. CSOs must help their organizations understand that engineering security on these devices themselves, as endpoint security, is essential to their safety. Service Oriented Architecture (SOA), which online banking already uses, is the wave of the future.
