Embedded Files
Here are the top points for what I prefer to see for high security systems. Not every system needs these, but if you have a critical of life safety critical system, I think these help to get a good nights rest.
Data for security: good quality data is a foundation
use high intensity process logging and network logging,
use autoscaling to support the burden of logging,
flexible data representation, scalable cloud DB's, AI anomaly detection, graph representations, real time selectors so that you can uncover and respond to problems easily
Defense in Depth: micro-segmentation, multiple layers, zero trust. Minimize your public attack surface and harden any public items that are needed.
Dynamic: as much as possible security parameters should be assessed in a continuous online or real time manner and remediated in continuous real time manner including, as much as possible, all types of vulnerabilities and misconfigurations. That implies automated testing and automated deployments.
Deception: the security team must fully occupy the position of the interior and fully utilize its information advantage - the adversary should know that anything it touches could be a trap
Durable rapid recovery and resilience: this is to facilitate quick recovery from ransomware attacks and other risks
prefer copy on write, readonly, write once read many times encrypted data so that your backups are hard to overwrite
in critical systems cold standby's should be available to make sure recovery from ransomware is very fast and forensic materials are captured safely and automatically at any point
run more than one version of your product in more than one region, with an immutable cold standby available to switch to if need be
Diversity: Diversity of connectivity and physical infrastructure eg having a data center you can deploy in two different regions of the country, in some cases diversity of application software implementation in life safety critical systems like aircraft control systems
Product and Project Management Points for implementing 7D Security:
Your people including the veterans who built the old way are vital - they know where the pain points are.
Building in a way that leads to accomplishment and limits burnout for your staff is key.
This isn't usually something you do all at once, typically you'd do this in a series of
firm fixed price campaigns with flexible scope for ease of budgeting along with a
firm fixed priced maintenance element.
You may not need all aspects of 7D, but its a road map that can help you get to a much higher level of effectiveness in your program, so pick what is useful to you in a risk prioritized way that is appropriate to your assets and threats.
If you need help or advice on any of these items feel free to reach out at info@kiermansystems.com
Page updated
Google Sites
Report abuse