enterprisesecuritymag

The Impact of Security Analytics on Information Security

Enterprise Security Magazine | Thursday, July 22, 2021

Security analytics offers insights into how well the security programs are working. It can also assist in identifying trouble regions and warn of impending or ongoing threats.

FREMONT, CA: Every industry in the modern environment is affected by big data and analytics, and the security industry is no different. Analytics has a lot of promise for assisting ongoing organizational efforts to detect abnormalities and mitigate security breaches and cyberattacks before hackers gain access to systems and carry out destructive operations, or at the very least before too much damage is done.

Many firms do not take advantage of security analytics to its full potential; in many cases, the analysis is limited to spotting network attacks. This, however, is only a small part of the types of security analytics that should be used. Security analytics offers insights into how well the security programs are working. It can also assist in identifying trouble regions and warn of impending or ongoing threats. Organizations create a blind spot for people in charge of information security program management without effective security analytics.

Security analytics should play a role in each of the three key areas of information security in the following ways:

Administrative Controls

When was the last time the information security policies and procedures were reviewed and updated? The longer it has been, the more likely it is that the business environment has changed, necessitating an update of the policies/procedures. If it has been more than a year since the policies or procedures were reviewed, they will almost certainly need to be changed. How many employees/workers attended the most recent general information security training session? Suppose the percentage is less than 95 percent (although 100 percent is preferable). In that case, there is a significant gap in understanding and awareness that might easily result in a security event and privacy breach due to a mistake, ignorance, or malicious intent. Employees require regular, up-to-date, and pertinent information security training.

Technical Controls

When was the last time one upgraded the network systems to fix security flaws and vulnerabilities? When was the last time systems patches were released? If the period between the release and the patch application is longer than one day, the company is putting itself at needless risk. If a breach happens within the gap, this could be seen as negligence in a civil claim or a regulatory infringement that could be applied. What is the total number of computing and storage devices connected to the corporate network? If this number cannot be calculated, the information security program manager will be unable to adequately identify and mitigate the business security threats that exist across the network.

Physical Controls

How many people at the outsourced Managed Systems Provider (MSP) have access to the business's servers and other devices? Do all of these people have a legitimate business need for such physical access? The higher the number, the more dangerous the company is. How many employees use their personal computing devices for work purposes? The greater the number, the higher the danger, necessitating strict compensating controls.

See Also: Top 10 Travel and Hospitality Tech Solution Providers