Lately I have been pondering the most succinct way to describe the goal of the annual medical checks we all go through. The best description I have been able to come up with is that these examinations are about finding "unknown unknowns." Why? Because these general checks are not designed to diagnose, they are designed to discover – either nothing or an unknown anomaly. If doctors find an anomaly, then they take action – with further tests, treatment protocols, etc. – to correct the issue before it gets worse.
The prudence of performing an information security check is no less than that of a medical health check. If you find nothing in a security health check, it is good news! If you find an issue, it gives you an opportunity to correct it before it creates more trouble – service disruption, data breach, etc.
So what should be included in a security check?
A security health check should be a broad review designed to identify those "unknown unknowns." If any information security threats are found, then you can do a more specific examination to diagnose and fix the problems. Some of these checks include:
- Forensic Analysis – A thorough forensic analysis of select servers, endpoints, point of sale (POS) registers, SCADA/ICS systems, and any other systems that are critical to business operations or to the storage and processing of important data. The forensic analysis has to include running system checks to detect memory-resident malware harvesting transient data.
- Network Analysis – Access to in-depth network intelligence is key to performing network analysis for security health checks. Verizon, through its data breach investigation expertise and annual Data Breach Investigations Reports (DBIR), is leading the research in network data analysis. If your organization has internal expertise, a basic level of network analysis can be performed using open source intelligence and internal resources. However, I would highly recommend engaging a service provider for this purpose.
- Evaluation of Standard Builds – Most mature organizations have developed standard templates for operating systems, applications, databases, middleware, POS systems and network devices. A regular examination of those standard templates – to make sure they maintain proper security compliance – should be a regular part of any security checkup.
- Third-Party Connections and Access – A thorough evaluation of business partners and other third-party connections and the level of access they have within your network. Over time, the intended level of network access, as well as the privileges given to user IDs, may have changed, resulting in elevated risk.
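As an added example (not code from the original post), here is a small drift check for the third-party access review described above: it compares the documented, intended access of each partner ID against what is currently provisioned and reports any access or privilege that has grown beyond the baseline. The partner IDs, network zone names and privilege levels are constructed for illustration.

```python
"""Added example, not from the original post: a drift check for third-party
access, comparing intended (baseline) grants against current provisioning.
All partner IDs, zones and privilege names below are constructed."""
from dataclasses import dataclass

# Ordered privilege levels: a higher index means more rights (assumption).
PRIVILEGE_RANK = {"read-only": 0, "operator": 1, "admin": 2}

@dataclass(frozen=True)
class Grant:
    zones: frozenset   # network zones the ID may reach
    privilege: str     # one of PRIVILEGE_RANK

def review_third_party_access(baseline: dict, current: dict) -> list:
    """Return (user_id, finding) pairs where current access differs from baseline."""
    findings = []
    for user_id, now in current.items():
        intended = baseline.get(user_id)
        if intended is None:
            # Third-party ID with no documented business need on record.
            findings.append((user_id, "not in baseline"))
            continue
        extra = now.zones - intended.zones
        if extra:
            findings.append((user_id, f"extra zones: {sorted(extra)}"))
        if PRIVILEGE_RANK[now.privilege] > PRIVILEGE_RANK[intended.privilege]:
            findings.append((user_id, f"privilege elevated: {intended.privilege} -> {now.privilege}"))
    # Baseline entries that are no longer provisioned are stale documentation,
    # listed so the baseline itself can be cleaned up.
    for user_id in baseline.keys() - current.keys():
        findings.append((user_id, "in baseline but no longer provisioned"))
    return findings

# Constructed sample data: what was agreed versus what is provisioned today.
BASELINE = {
    "vendor-pos-support": Grant(frozenset({"pos-dmz"}), "operator"),
    "partner-logistics": Grant(frozenset({"b2b-extranet"}), "read-only"),
    "old-contractor": Grant(frozenset({"corp-lan"}), "read-only"),
}
CURRENT = {
    "vendor-pos-support": Grant(frozenset({"pos-dmz", "corp-lan"}), "admin"),
    "partner-logistics": Grant(frozenset({"b2b-extranet"}), "read-only"),
    "unknown-svc-acct": Grant(frozenset({"scada-net"}), "operator"),
}

if __name__ == "__main__":
    for user_id, finding in review_third_party_access(BASELINE, CURRENT):
        print(f"{user_id}: {finding}")
```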
The sophistication of current information security threats warrants an urgent need for a security health check. Not doing so is irresponsible at best and may result in serious reputational, legal or financial consequences. It is time to be proactive and schedule your security checkup today!