Collection of internal data by the CISO
The subject of data is particularly complex in cybersecurity because its nature and sources are highly diverse. However, it is still possible to identify a few general areas for consideration.
Build your own foundation
- "What information do I need to have?"
- "How can I get it?"
These two questions are undoubtedly the ones that every CISO needs to ask themselves in order to collect relevant data. The exercise therefore involves:
- focusing on cybersecurity fundamentals (company directory, asset repositories, etc.);
- identifying the specific data to be captured, using the list of areas to be protected and the sources found there (servers, applications, VPN gateways, etc.).
The data thus covers many fields, ranging from information on threats to the security status of a physical location, or even how indicators are interconnected.
But the exercise doesn't stop there! Or rather, it doesn't start there: the first thing to do to process the data correctly is to use the available knowledge base (reference frameworks, best practices, etc.) to build your own reference framework by selecting and compiling the requirements.
Focus on dialogue
Of course, we think of consoles and tools for detecting certain behaviors (downloading inappropriate tools, browsing unsafe websites, etc.). Unfortunately, technology is not enough here, for two reasons.
Firstly, the data generated by the tools does not and will never tell the whole story, as certain information is held exclusively by certain individuals (employees, top management, etc.). Because data collection is mainly organized "manually," it depends largely on the goodwill of the teams expected to contribute, for example by filling out Excel files.
The human dimension is the main challenge, but it also represents an interesting area for improvement for the CISO. What could be more effective than going out into the field and engaging in dialogue?
In a factory, for example, the manager knows his production lines inside out, but is often unaware of the risks involved. Dialogue is therefore a good way of gathering useful data for processing: by drawing on the manager's knowledge of how the factory operates, the CISO can gather valuable information at source and establish links to organize data transmission.
The CISO must also be interested in external data
Data isn't just internal data! To assess its level of security, each CISO must be able to improve their professional practice through contact with peers and stay informed about the latest threats.
Monitoring and networking: essential tools
Today, there are plenty of opportunities for CISOs to meet. CESIN offers an annual conference open to all, in addition to quarterly working meetings and an online discussion group reserved for members. CLUSIF allows members to participate in monthly working groups, as well as attend five annual conferences and access publications.
For CISOs who do not wish to join a club, there are numerous events organized throughout the year by cybersecurity experts, such as the FIC or Les Assises. These events are a good way to stay informed on topics as crucial and diverse as new threats, best practices, the latest tools available on the market, etc.
Overall, every source of information is worth exploring, including webinars and blogs offered by consulting firms and specialized software publishers. It is up to each CISO to test and select the trade shows, associations, and events that are most likely to provide them with the information they need most!
Integrating Cyber Threat Intelligence
According to the latest CESIN corporate cybersecurity barometer, threat intelligence is on the rise. In fact, 29% of companies have integrated a CTI system to deal with the wave of cybercrime dominated by ransomware in 2020.
What tools should you use to invest in cyber threat intelligence? Cyber threat intelligence can take several forms:
- access to paid SaaS platforms (such as FireEye), with the option, depending on the case, to access information in different ways (by sector, by group of attackers, etc.);
- subscription to CERT alert bulletins, including the government CERT;
- subscription to more in-depth newsletters, in which attacks are broken down using the Kill Chain framework;
- subscription to technical feeds, to receive information formatted in STIX.
Even though most of these solutions come at a cost, every CISO has the option of integrating Threat Intelligence at their own pace, with little or no budget. This involves organizing and automating social media monitoring, as well as using free tools. For example, MISP is an open-source intelligence platform.
What means does the CISO have to send the data back down?
In cybersecurity, data must complete a loop. Once it has been collected, understood, processed, formatted, and interpreted, it must be sent back (in its new form) to the field so that security instructions can be followed.
Should rules of conduct or tasks to be performed be communicated in writing or verbally? There is no right answer, as some people pay more attention to written information, while others prefer a verbal explanation. It is therefore up to the CISO to listen and empathize in order to identify the most appropriate mode of communication for their audience. However, two best practices are worth mentioning.
- Adapt to team tools
On a daily basis, operational staff already use their own ITSM tool. Due to resistance to change, they are rarely quick to adopt an additional tool! Where possible, it is therefore better to use the tools already in place to communicate information. This will make it easier to consult.
- Create committees
The advantage of setting up a committee is that it combines oral and written communication (via a medium such as a dashboard or presentation). While the "committee" format is commonly used with executives, it is just as useful with operational teams. It allows information to be both shared and obtained. It is also a good way to make everyone accountable for the data they need to report and to recognize teams for their contribution to protecting the company.