When individual security staff do not have sufficiently broad or deep training in the security product areas the enterprise focuses on, do a skills assessment, create an organizational development plan to get the team trained in areas where there could be skills deficiencies, and try to hire at least some additional staff to address any remaining skills shortages, says Harkin. “Consider augmenting your team with external resources through an existing IT, security services, or consulting agreement or by hiring one or two staff members under contract, who could also provide on-the-job training for your existing team.”
Enterprises should inventory products attached to the network using scanning tools and techniques made for this purpose. Companies should maintain records of these scan results for comparison and audits. Organizations should monitor the network and attached products in real time as part of their governance efforts. “The enterprise should manage and monitor security products just like other assets,” says Shackleford. This should help the business gain visibility into the number, type, placement, and condition of installed security products in order to fix configuration issues.