Implementing and utilizing detective controls
As is the nature of IT, we have a constantly mutating landscape of technologies, threats, and techniques to be able to identify and protect against, including ransomware, DDoS, and infiltration attacks. We need to know what is happening in our estate and implement automated controls for notification in the event of an attack, as well as the active prevention of those threats from being exploited.
In order to achieve this level of visibility, we need a set of processes and structures surrounding security monitoring and security investigations, and we need to test those processes with staff members and third parties that are responsible for protecting our estate.
Ultimately, senior management is responsible for allocating the appropriate resources toward an internal Security Operations Center (SOC) or a SOC as a service from a third party, as well as having an incident response team ready to be engaged. Once senior management has...