How to protect your mission-critical information

Thor Olavsrud | Sept. 22, 2016
A new report by the Information Security Forum (ISF) outlines the steps you can take to determine your mission-critical information assets and create customised plans for protecting them.

In this step of the ISF Protection Process, you should do the following:

  • Define what constitutes a mission-critical asset.
  • Identify potential mission-critical assets based on their value to the organization and the potential business impact if compromised.
  • Maintain a record of approved mission-critical information assets.

Assess the main adversarial threats

Once you've identified your crown jewels, the next step is to assess the threats to those assets.

"Who would want to get a hold of Apple marketing? Hackers? Competitors? Journalists? Probably not a nation state," Durbin says.

Determining which actors might target your mission-critical information assets will help you determine how best to protect them. Defending against a competitor seeking to steal trade secrets takes a different approach than defending against an extremist group seeking to launch a serious cyber attack.

In this step of the ISF Protection Process, you should strive for the following:

  • Investigate the main adversarial threats to mission-critical information assets.
  • Identify threat events likely to be used to target mission-critical information assets.
  • Evaluate the level of exposure to each mission-critical information asset.

Determine the required protection approaches

Once you understand what your crown jewels are and who might attempt to access them, you can determine what sort of protection approach each asset requires. The security program should relate directly not only to that asset but also to the people who handle that information at every stage, Durbin says.

In this step of the ISF Protection Process, you should do the following:

  • Understand possible approaches for protecting mission-critical information assets.
  • Define objectives for protecting mission-critical information assets.
  • Select the required approaches to protect mission-critical information assets.
  • Identify the security controls and solutions required to support chosen protection approaches.

Counter the main adversarial threats

After determining the protection approaches required for your assets, it's time to create an active defense.

"Look at how you might counter some of those threats, how you might rearchitect your security architecture and framework," Durbin says. "The key to it is through this identification. That's where a lot of organizations, I think, are beginning to struggle."

In this step of the ISF Protection Process, you deliver the appropriate extra layers of preventative and detective security controls across the five stages of the cyber attack chain:

  • Performing reconnaissance
  • Gaining access
  • Maintaining control
  • Compromising information
  • Exploiting information

Durbin notes that threat-based protection provides an early warning system to inform you of emerging or imminent threat events, enabling a balanced set of end-to-end controls to counter these threats.

Protect the information life cycle

Information has a life cycle of its own. As explicated in Durbin's M&A example, an information asset's criticality can vary along that life cycle. It's essential to understand the life cycles of information assets and to provide the relevant protection and controls at each stage.

