- News & Resources: Listings >
- Blog
- Microsegmentation: Protecting Data from Cyber Threats
- Retail shoplifting and loss prevention: How to protect your business
- Generative AI Cost Optimization Strategies
- Why Do I Need to Protect My Cloud?
- 10 Reasons for Engaging Outside Experts to Manage Your Cybersecurity
- Why Hiring a 3rd Party MSP Expert Makes Sense and – and Cents (MANY cents!)
- Brand and Network Considerations When Adopting AI Corporately
- Integrating XDR, SIEM, and SOAR
- 3-2-1 –Go? Not so quick, this time.
- 5 Things a CISO Shoud Know
- 10-Step Patch Management Checklist
- Penetration Testing vs. Breach Attack Simulation
- Current big cyber breaches and impact on businesses
- Smart Infrastructure Gets Lit Up!
- Securing Industrial IoT: The Missing Puzzle Piece
- 7 Common Cybersecurity Mistakes Made by SMBs
- The Future of Physical Security: Cloud-Based Systems
- Autonomous and Sensor Technology Use Surging
- 2024 Facilities Trends Will Require Facilities and IT Teams to Work in Tandem
- NGFW vs. WAF. What’s the Right Firewall for You?
- Chris Hadfield’s Words To Live By
- Industrial Revolution 4.0 + IIoT
- Digital Fluency Drives Innovation
- Your Cloud Needs Protecting, Too
- Your building alarm systems could become obsolete. In 2024!
- Zero Trust 2.0: Zero Trust Data Resilience (ZTDR)
- We just got, or got used to, Wi-Fi 6. What is Wi-Fi 7?
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – 4th and Last in a Four-Part Series
- Why 2024 is the Year for AI Networking
- International Women’s Day is Tomorrow – Great Time to Think About…
- Data-Centric Security Step One: Classifying Your Data
- The Network – Unsung Hero of Super Bowl LVIII
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – Third in a Four-Part Series
- Boosting IT Team Performance by Fostering Intuition, Curiosity and Creativity
- Breach Remediation Costs Can Wipeout Bottom Line and Business
- Hoodied Hackers Now Favour Hugo Boss
- What Do You Need to Tell the Board? Business Metrics that CISOs Should Share – Second in a Four-Part Series
- How to Get People to Re-Engage After the Holidays
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – First in a Four-Part Series
- Android Devices MUST be Updated + IT Departments Being Cut as Privilege Escalation Escalates
- Today’s Common Cloud Migration and Management Concerns
- Protect Your Healthcare Network from Cyberattack – Lives are at Stake
- Happy Halloween: Black Cats Lead to Boo….Hoo.
- Insurance Underwriters are Protecting Their Flanks
- Insurance Companies Cracking Down as Cybercriminals Become Better Business Builders
- Scary Cyberattacks Stats
- Parents, Profs and IT Professionals Perceive Back-to-School Through Different Lens
- Zscaler’s new IDTR and other tools that leverage generative AI
- Vanquish Vaping, Vandalism and Villainy
- Fabric for Fast-Paced Environments
- Changes to Cyber Insurance Requirements – What you Need to Know
- Cybersecurity Readiness – Newly Released Report
- Passwords Leaked…Again
- 10-Step Patch Management Checklist
- Remote – Again – For Now… and Still Maintaining Engagement
- Protecting Pocketbooks, Passwords and Property from Pilfering
- Raspberry Robin: Highly Evasive Worm Spreads over External Disks
- Cisco Introduces Responsible AI – Enhancing Technology, Transparency and Customer Trust
- Managing Customer Trust in Uncertain Supply Chain Conditions
- Hope on the Horizon
- Toys of Tomorrow… What will spark your imagination? Fuel your imagination?
- Protecting Purses and Digital Wallets
- The Password that Felled the Kingdom + MFA vs 2FA
- The MOE’s RA 3.0 and Zscaler
- 7 Critical Reasons for MS Office 365 Backup
- Penetration Testing Important, but…
- Social Engineering and Poor Patching Responsible for Over 90% of Cybersecurity Problems
- Breach Incidence and Costs On the Rise Again + 5 Ways to Reduce Your Risk
- Cybersecurity Insurance Policies Require Security Audits and Pen Testing
- Wireless strategies for business continuity gain importance as enterprise expand IoT, cloud, and other technologies
- How Cybercrooks are Targeting YOU
- Enabling Digital Transformation with Cisco SD-WAN
- WFH Post Pandemic – What It Will Look Like. What You’ll Need.
- Leaders to looking to the IoT to improve efficiency and resiliency
- Cyber Security Vernacular – Well, some of it, for now
- Why You Need Disaster Recovery, NOT Just Back-Ups
- 10 Reasons Why Having an Expert Manage Your Cybersecurity Makes Sense and Saves Dollars
- Converting CapEx IT Investments into Manageable OpEx
- The Hybrid Workplace – Planning the Next Phase
- Cisco Cloud Calling: Empowering Customers to Thrive with Hybrid Work
- When You Can’t Access the Cloud
- How to Keep On Keeping On
- New Cisco Research Reveals Collaboration, Cloud and Security are IT’s Top Challenges
- Threats from Within on the Rise
- Cloud Covered? If Not, Take Cover!
- Zero Trust and Forrester Wave Report
- Password Based Cyber Attack: Like Leaving Keys Under Doormats
- So, What’s Up With Sensors?
- Sensors and Systems Create a Digital “Last Mile” and Help Skyrocketing Costs
- Scanners Provide Peace of Mind for Returning Students and Workers
- Sensors Improve Operations and Bottom Line… Easily and Cost-Affordably.
- Cisco Meraki Looks at 2021
- 2020 Holiday Shopping: Cybersecurity and Other Tips to Safeguard Wallets and Systems
- How to make the most of the technology you have
- Personnel, Planet and Business Progress: More Interdependent Than Ever Before
- Sure… you can get them all in the boat – but can you get them to work well together?
- Pushing the Zero Trust Envelope – Cisco is Named a Leader in the 2020 Forrester Zero Trust Wave
- Cloud Data Must be Protected, Too!
- Don’t Let Anyone Get the Dirt on You – Make It Instead!
- How IoT Devices Can Help You and Your business
- WebEx – A World of Possibility
- Creating Your Breach Response Plan Now Will Save You Thousands Down The Road
- Been hacked? Here’s what you must do next.
- The Need for Pen Testing is At an All-Time High
- 5 Ways an IT Reseller Improves Your Performance and Peace-of-Mind
- 5G and Wi-Fi 6: Faster, more flexible, and future ready. Are you?
- Network and Data Security for Returning and Remote Workers + Disaster Recovery Symposium
- Collaboration and Cisco WebEx: Protecting Your Data
- Thursday’s Virtual Conference Tackles Today’s Supply Chain Trials and Tribulations
- 10 Tips to Reduce Cloud Storage Risk
- COVID-19 Crisis Fuelling IT Spending
- Supply Chain/Logistics Experts Share Their Expertise
- Cisco Breach Defence Overview
- Announcing Our New Website and Blog
In this third installment of key data that CISOs should consider sharing with the companies Board members and senior decision-makers who are not part of the IT team, we’ll be covering Infrastructure and New Technologies.
-
Expanding Digital Footprints Increase Vulnerability – Part One in the Series
-
Data and Data Lake Segmentation
-
People, Phishing and Policies – Part Two in the Series
-
Stakeholder Security, including digital supply chain security and third-party risk management
-
Incident Detection and Response + Testing Protocols and Practices
-
Infrastructure – State of Current Architecture and Equipment +Future Needs Assessment
-
New Technologies, including Enterprise -Wide and Department-Level Applications as well as use of IoT, ML and AI
-
Investment Levels and Efficacy + Regulatory Compliance and Insurance Coverage
-
Vendors and Portfolio Management
-
Financial Asset Risks + ROI and Losses
In the first installment, we covered Points 1 and 2. Today the focus is on some of the security-related elements.
Infrastructure – State of Current Architecture and Equipment +Future Needs Assessment
With In today’s business world of hyper-connectivity, widely distributed networks that often have internal and external stakeholders connecting into the system, and rapid adoption of emerging technologies, it is important that CISOs adequately communicate to senior decision-makers that it is no longer possible to create a fully-secure infrastructure. At least not one that will permit the organisation to scale, foster collaboration and innovation and achieve its growth goals.
Today, most people have heard the phrase, perhaps all too often, that “It’s not a matter of if, but when”. That being said, IT departments and their leaders often come under extreme scrutiny if there is an incident. It helps when senior executives are well aware of where things stand in terms of infrastructure and upgrades.
Some of the data and metrics that you may wish to track and report on:
-
Number and types of hardware/firmware and other equivalent equipment assets owned by the Company, and how that is changed since the last report.
-
Number (actual number and percentage) of IT assets that are approaching “end-of-support” and “end-of-life”, along with timelines, recommendations about which ones to replace and how, and the attendant costs. After all, it is far easier to get budget amounts approved when the purse-string holders have plenty of advanced notice.
-
Reminder of process is used to ensure secure configurations of all assets, with frequency/cadence included.
-
Identification of automated versus manual processes for code review, etc., including percentages for each type, and headcount required for manual assessments.
-
Patching protocols, frequency and results, for both software and firmware, including processes used for individuals’ devices, if the firm allows users to connect with their own devices.
-
Number of devices on the network, along with report on unidentified and orphaned devices, as well as the number of devices requiring patching.
-
Although it would have been included in your “Incident Response” report, the discussion of Zero Trust architecture deployment and the number of threats blocked by your endpoint solution, it should be included here, too, if reporting separately.
-
Time required to address/repair “vulnerabilities”, along with data related to how these problems are addressed. In other words, which ones (specifics and as a percentage) are being addressed by internal resources, versus 3rd-party entities. Third-party SLAs should be included.
-
Number of “vulnerabilities” that need to be addressed, along with the priority level based on potential impact to the organisation, timelines to address these problems, and potential impact on the organisation’s mission-critical problems are not resolved within a specific timeframe.
-
Depth of network/infrastructure segmentation.
New Technologies
New Technologies, including Enterprise -Wide and Department-Level Applications as well as use of IoT, ML and AI will require frequent, and possibly more in-depth, reporting than has traditionally been the norm in your organisation. For many senior decision-makers, technology advancements are moving too quickly for them to stay on top of things, and still run the company.
For reporting purposes, you may wish to include the following:
-
The number of applications being used by the organisation, and each of its locations and departments, and how this has changed over time. Including headcount cost savings would be good, if possible.
-
The number of IoT devices being used within the organisation, in what departments, how that is changed since your previous report, along with the date of adoption and resulting impact to overall performance, including the bottom line.
-
This will include the total number of IoT ports that are connecting to the enterprise network, broken down by location if yours is a distributed network/organisation.
-
Depth of IoT segmentation from rest of network and the organisation’s other resources.
-
Organisations have been using IoT devices for over a decade now, so it has become important to also report on the number of devices that cannot be patched or upgraded. Again, budget forecasting can be critical.
We hope you found this helpful. Please check back with us mid-March , for the final installment. In the meantime, we wish you a Happy Valentine’s Day!