Strengthen Cyber Resilience: A Checklist for ITOps and SecOps Collaboration
2024-11-5 20:22:54 Author: securityboulevard.com

In the past year, half of organizations (54%) have experienced a cybersecurity incident, and in the next 12 to 24 months, three-quarters (73%) of all organizations believe they are likely to be disrupted by a cybersecurity incident. Building cyber resilience so that you can persistently prevent, withstand, and recover from disruptions to your network infrastructure is becoming increasingly important. So, what is standing in the way? The answer lies in the disconnect between ITOps and SecOps.

Traditionally, ITOps has been mandated to build, support, maintain and keep available network infrastructure across various scenarios, in data centers and the cloud, and to support employees in offices and remote workers. In this hybrid world, the ability to keep networks up and running 24/7 becomes a top priority. IT and network teams build competence around network devices, and their success depends on their ability to protect network availability.

Meanwhile, SecOps has a mandate to detect and prevent breaches. Focused on threats to the organization, they discourage using technologies and processes that expand the attack surface. Because SecOps operates largely outside the network, they rely on ITOps to keep network infrastructure hardened against attacks and have little visibility into recovery when an attack happens.

Different mandates put ITOps and SecOps on different sides of the fence, working independently and with a limited understanding of their complementary roles in protecting the organization.

An Ever-Widening Gap

Now that SecOps is aligned with auditing and compliance, the disconnect is exacerbated. CISOs now report to boards, because responsibility for business risk within the context of cyber falls within SecOps.

Security spending is growing at double-digit rates as the cost and impact of breaches have increased, the importance of protecting data and systems and keeping networks running is well understood, concern over compliance and audits grows and fear of AI-enabled threat actors spreads.

But in this world, the trick isn’t to invest more in security monitoring and detection. A full 58% of the time, organizations learn of a security breach from external sources – either benign third parties (34%) or attackers themselves (24%). Instead, the trick is to mitigate risk faster than it can be exploited and to withstand and recover quickly when disruptions happen. In other words, we must build cyber resilience, and collaboration between ITOps and SecOps is fundamental to this effort.

A Checklist to Foster Collaboration and Build Cyber Resilience

The largest organizations say that the highest barrier to cyber resilience is transforming legacy technology and processes. When only 29% of ITOps teams fully understand SecOps and only 30% of SecOps teams understand the role of ITOps, it’s time to transform how these teams work together and eliminate a major barrier to cyber resilience.

If strengthening cyber resilience is a priority for your organization, here’s a checklist for ITOps/SecOps collaboration.

  • Establish shared goals – A strong relationship starts with a common understanding of the mission to protect the organization’s assets and data and maintain confidentiality, integrity and availability. With this shared understanding, you can agree on priorities, understand roles and responsibilities, and identify areas of overlap where the teams must work together to achieve mutual success.
  • Have a common way to assess and manage risk – Network teams are focused on operational risk related to network infrastructure availability and performance, while security teams are focused on incident prevention and risk mitigation. Ultimately, the objective is the same: To keep the business moving forward. Developing a common way to assess and manage risk will ensure both teams are on the same page and working together with the best interests of the business in mind.
  • Become partners in compliance – Organizations don’t always work together to ensure compliance. When audits happen, security hands off a list of requests and reports they need from the network team that, in turn, scrambles to respond. Instead, collaborate to identify and implement controls and processes that meet legal, industry, and internal requirements and mandates. Tools that automatically audit configurations and groom them back into compliance help teams proactively keep systems secure and compliant.
  • Bring it full circle with incident response – Despite best efforts, incidents happen. A critical component of cyber resilience is the ability to withstand and recover from disruptions. Create a shared plan that both teams trust to maintain business continuity and integrity. When something happens, you will have already established how to investigate, contain, and remediate as well as restore normal operations.
  • Remove budget barriers – Coalescing on a coordinated SecOps and ITOps cyber resilience practice also sheds light on the areas within ITOps that are core to security and may have previously gone unnoticed and underfunded. Network device vulnerability management is one of the last bastions for manual work but is foundational to cyber resilience. Automation tools that track and remediate network infrastructure vulnerabilities should be funded accordingly.

Organizations will continue to suffer disruptions from cyberattacks. Strengthening cyber resilience is the best way to mitigate the impact and keep your business moving forward. With a checklist that helps ITOps and SecOps teams find common ground, you can coordinate efforts that meet their core mandates of network availability and incident prevention and build a more cyber-resilient organization in the process.


Source: https://securityboulevard.com/2024/11/strengthen-cyber-resilience-a-checklist-for-itops-and-secops-collaboration/