Too Tired? Too Anxious? Need More Time? We’ve got your back.
Scenario:
You have finally implemented your firewall and VPN solutions and are feeling much better about your network’s security posture. It is now the end of the fiscal year, and your CISO is looking to you for future budget requirements.
He asks for your thoughts on future trends in network security threats, evolving technologies that may mitigate these threats, and how “GRC” will contribute.
You will:
List your thoughts on what the future holds for network security threats (what they are, will they increase, decline, etc.).
List any evolving technologies (new) that you are aware of that can help with the threats you listed.
Explain how Governance, Risk and Compliance (GRC) will help with these matters, what part will they play (Chapter 15).
respond to chris
As the use and technological expansion of all technology systems grow, the threats of the security systems that protect these systems will grow hand in hand. And generally, that is to be expected. However, I feel that the future of network security threats is better described as evolving, rather than increasing. In other words, the threats that faced network security in the past, or even those that we are faced with today, will eventually be challenged to the point where they will no longer be considered a threat. That, however, does not mean that threats will cease. It does mean that we will be faced with new, evolved threats that those who intend to cause harm in the networking realm have altered and improved upon based on what attacks no longer work. I also do not feel that threats to network security systems will decrease whatsoever. There is much to be gained from those who wish to cause harm to networks or gain unauthorized access to them. And as we as a society continue to build our reliance upon, or our utilization of, these networks what we stand to lose also grows. In a response to this we must continue to evolve our defenses and work to not become complacent with regards to our security.
Governance, Risk and Compliance (GRC) is a structured framework to align the goals of Information Technology, as well as Information Security, with the goals of various other departments, primarily business goals. This general structure has a positive goal and should likely be implemented in a majority, if not all, business models. Of course I mean that with regards to businesses who utilize networks and other IT systems that impact the functionality or productivity of their business. These practices will play a large part in promoting safe, effective network security systems to provide safe network access.
Respond to David
I have always said that we live in a digital age that will continue to expand and it be a very important piece in our lives but with that being said I do believe the level for network security threats will increase as our technology changes. With the internet of things IOT increasing this will allow for the attack surface to increase for cybercriminals which will give them more opportunities to gain access to sensitive data. Along with technology continuing to expand cyber-attacks are likely to become more sophisticated and harder to detect we could even see adversaries using artificial intelligence to exploit vulnerabilities in networks and devices.
There are several evolving technologies that can help organizations defend against the threats such as artificial intelligence or machine learning that can be used to identify patters in network traffic which will allow for faster detection of potential security threats. You could also use zero trust security which assumes all users and devices are untrusted and require authentication and authorization for every access attempt. Lastly, and this one is not at technology, but you should be training your employees on network security threats, so they know how to keep your organization safe, it is often said that the employee is the weakest link when it comes to security.
GRC can play an important role in helping organizations address the evolving cybersecurity threats by governing policies, procedures and controls that an organization out in place to ensure that their operations are aligned with their objectives. Risk management which is identifying, accessing and mitigating risks and lastly compliance which involves ensuring that an organization operation comply with laws, regulations and standards.
Too Tired? Too Anxious? Need More Time? We’ve got your back.