Do you secure your lawn? No, I don’t mean from the likes of “Dennis the Menace”, and hopefully you’ve never uttered the phrase “you darn kids get off my lawn!” But believe it or not, there are some similarities between caring for your lawn and cybersecurity. Maintaining a well-kempt lawn will help minimize weeds, bug infestations, and will overall increase the value of your home or property. And as we’ll discuss in today’s blog, maintaining a strong cybersecurity posture has a similar effect on your business.
Establish a Desired State
The first item in cybersecurity is usually to assess where you are and to compare this to where you want to be. This establishes your desired posture and starts to identify gaps between your current state and desired state. Compare this to looking out your front door and seeing a lush green and manicured landscape, or a unkempt weed-filled pasture. For the latter you will notice some obvious gaps and improvement opportunities, and so will your neighbors.
Identify Key Details
Next in cybersecurity, as we start to dig in, it’s important to identify the assets (physical and digital) and information/data we are working with, where they are stored, where they are moving (via data flow mappings), etc. There are lots of little variables that go into ensuring that we put together the right plan for security controls and ongoing improvements. Think of this like identifying your geography, soil type, sun and shade mixture, natural rainfall, and so on that will have an impact on the type of lawn you can support, and the type of landscaping needed to support it.
Apply Treatment & Controls
After establishing the desired state, comparing to the current posture, and identifying important details, we can then identify the gaps and put together a treatment plan. This is plan-of-action to get us to that desired state by undertaking various projects. For cybersecurity, this usually involves a timeline, budget, and various resources including technical solutions, administrative actions, etc. It happens with a combination of people, technology, and processes. In much the same way, as you start to build up a lawn, you may install new sod, treat with fertilizer or other chemicals to modify the pH of the soil, and water it plenty until it is well established and stable.
Ongoing Monitoring & Maintenance
As with anything in our cybersecurity world, once we’ve established a desired posture, we’ll need to keep a close eye on things by constantly monitoring and applying updates as conditions change. For example, weeds may pop up, critters may infest, or harsh weather may damage the beautiful landscape, creating new weekend projects. It is much the same in cybersecurity, as controls are found to be less effective against new attacks, or as new threats emerge, we constantly evaluate the effectiveness of our controls through risk assessment. When something is found to be lacking, it is addressed through a new set of projects or tools. Through this journey we get to enjoy the fruits of our labor: a healthy and beautiful lawn, or a thriving and secure business.
Have an untidy, weedy business? Reach out to the team at Axxys and let us help you build your build a program, identify your critical assets, apply controls to minimize risk and close the gaps, and provide ongoing cybersecurity leadership for the future!
