Building an intelligent security operation
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
Contemporary successful businesses must innovate to survive in modern times. Businesses use apps, data, and the cloud for daily operations. At the same time, such companies must ensure that they have an intelligent security operation.
The purpose of building an intelligent security operation varies.
An intelligent security operation can reconcile organisational risks. For any organisation to do this, as I have highlighted in past articles, they must, first of all, carry out extensive auditing of the existing systems. This will allow them to find areas where they are most vulnerable and will lead them to discover mitigating processes. Also, this identification help with writing the right policies, channeling financial objectives and building robust litigation postures when breaches happen.
Through analysis of a trained expert in the area of information governance, the company can (1) Find the right tools to ensure that existing risks are handled and prevent other risks from arising in the future (2) with the right tool, the company can automate their procedures to ensure that the system automatically detect risks before they happen and notify the right personnel within the company structure (3) help the company build a methodical system to monitor and protect their data assets.
A robust intelligent security operation helps the company’s staff to escalate issues about a potential risk to the right department for mitigation purposes. This sensitises staffs about appropriate steps to take when they sense potential attacks to the business a
Successful businesses must pay attention to three key areas to ensure that their intelligent security operation is functional and working at optimal levels. These areas are people, process and technology. I would like to shed a brief explanation of these areas.
Any company has to hire and retain the right security personnel who understands security operations and who must be ready to build a widespread information governance security consciousness within the company. This, therefore, means that human resources must get in the right resources to drive this goal. A clear role definition must be drawn out for the person who manages and handles data.
Second, there needs to be a good process and procedure in place that enables sustainable and measurable compliance efforts. Without a solid procedure and process in place, there are high tendencies that companies would fall into the trap of breaches. Process considerations include knowledge management, analysis, operation, technical and business process. There needs to be a solid process and procedure that guides the necessary stakeholders.
The business must also put into consideration the use of modern technologies that can support the security of data sets. The technological tool stacks must correlate all risks and piece together details of an attack in real-time. A good technological stack is critical because it allows for quick investigation of breaches and workflow tools to manage incidents. In summary, the technological tool must identify, measure and reduce risk.
Successful companies must pay attention to these features in building an intelligent security operation. To avoid breaches or mitigate risks, successful Nigerian companies must spend the funds to build a preventive, detective and organisational system to the management IT risks within their business.
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke