Security Strategy & Security Response Plan

SECURITY STRATEGY

IT exists to help business leaders understand and manage technology risks. The organization has an obligation to protect data from unauthorized loss, disclosure, or alteration, and the IT organization must make certain that systems are available when needed. In this increasingly complex and hostile world, IT helps the organization succeed and protect its reputation by protecting its technological assets.

IT faces unprecedented challenges. New and sophisticated attacks are becoming more frequent. Homewerks’ push to new cloud technologies compounds the problem and significantly expands the volume of organizational data vulnerable to attack. This puts significant pressure on IT to develop new strategies and tactics for success.

Chief Information Security Officers in the United States believe an advanced attack will affect their organization in the next year. These threats mean IT leadership must quickly improve threat intelligence competencies while also developing response plans for when an incident occurs.

Intense public, media, and regulatory focus on cyber-attacks has sharpened senior executive interest in Information Security. Because of this, the National Association of State Chief Information Officers (NASCIO) named Information Security its number one priority for two consecutive years. NASCIO also spearheaded three studies over the past four years with a leading consulting firm to highlight funding and governance issues that inhibit the effectiveness of state security programs.

Organizations across the globe are setting the cybersecurity bar higher in response to more advanced and persistent threats. Organizations that do not keep pace are accruing a cybersecurity debt that they eventually must pay to align with industry accepted best practices.

Homewerks feels the following strategy best fits with our needs.  It is grouped into three categories: Proactive Risk Management, Improved Situational Awareness, and Crisis and Incident Response.

Proactive Risk Management

  • Performing Continual Risk Assessments
    Homewerks performs a variety of vulnerability scans to help us better understand weaknesses in our environment.  In addition, our systems determine which devices are not up to date with updates, patches, firmware and the like that could lead to vulnerabilities.  This is achieved through:

    • Daily Vulnerability Scans

    • Multiple Remediation Activities per Week

    • Yearly 3rd Party Scans

An additional opportunity is to poll machines and centrally manage system updates.

  • Communication of Significant Risks to Leaders
    The identification of Critical/High Vulnerabilities triggers a notification to senior management for visibility.  They may have input on remediation or need to approve the addition of resources for remediation.

  • Employee Education
    Homewerks’ Senior Management has embraced and helps enforce mandatory yearly cybersecurity education.  This education includes but is not limited to: phishing email/SMS phishing identification and response, physical security and response, misinformation/disinformation identification, and social engineering identification.

  • Secure Hardware/Software Baselines Enforced by Other Systems
    Homewerks has adopted Zero-Trust/Least Access policies for data and network access.  These are enforced through a combination of GPO, VPN servers, and pre-validated hardware deployments.

  • Access Management
    All access to Homewerks’ systems is managed through AD Group membership.  Additionally, access to administrative functions requires both administrative credentials and MFA.

  • Validate Controls through 3rd Parties
    Homewerks is audited regularly to ensure that necessary controls are in place and that the organization is aware of new controls that should be implemented.

  • Prevent Vulnerability Exploitation
    All servers and endpoints use Robust Next-Generation Endpoint Security that relies on both signature definitions and heuristic detection.  Other systems, like firewalls, are monitored by SIEM tools for out-of-band activity.

  • Leverage Features in Next Generation Firewall (NGFW)
    Homewerks’ firewall supports technology to detect and shut down attempts to access it.  These are called Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS).  These features work in conjunction with each other to prevent Denial of Service (DoS and DDoS) attacks.  These attacks prevent the normal use of a service, typically by overloading the service with bad requests.

  • Cybersecurity Insurance
    Cybersecurity insurance helps to mitigate losses from incidents involving data breaches, business disruption or system damage from an attack.

  • Resilient Network Design
    A strong network leverages multiple layers of defense and tools to ensure that it is always running optimally. 

    • Robust backup strategy with immutable and/or air-gapped backups, off-site backups and continual backups

    • Network segmentation to isolate traffic as much as possible

    • Use of failover internet circuits for business-critical operations

    • Hardened edge to keep out unwanted traffic

Improved Situational Awareness

  • Detect anomalies
    Active network monitoring tools help to respond to a breach faster than someone noticing an issue.  These tools comb through massive amounts of data and alert the Security team to investigate.  The tools alert to new users and devices, disabling/deletion of users or devices, rapid use of a login, logons to multiple machines in a short amount of time, and larger-than-normal amounts of data leaving the network, among other features.

Crisis and Incident Response

  • Incident Response Framework
    A response framework is critical for when something happens that does not go to plan.  This plan is intended to start small and, through several iterations, improve into a robust response playbook that can be leveraged during an incident.  The general cycle of developing this framework is:

    • Development

    • Training

    • Test

    • Improve

    • Repeat

  • Actual Crisis Response
    The Response Plan includes a form to capture the nature of the incident, who responded, the actions taken to remediate, long-term preventative actions that need to be taken, and a timeline for the preventative actions. Follow up on action dates to ensure they are in place or set a new date.

SECURITY RESPONSE PLAN

Homewerks takes information security very seriously.  In the event of an information security incident, Homewerks will engage immediately using the established company Incident Response Plan to capture the details of the event and the remediation steps.  Depending on the nature of the event, the appropriate individuals will meet to:

  • Collectively establish a timeline for resolution
  • Remediate the issue, and
  • Document the root cause and resolution

Leadership will inform senior management of the situation and notify impacted customers, if any.  Additionally, leadership will inform relevant legal and law enforcement agencies to provide direction on further investigation. 

Please contact infosec@homewerks.com for more information.