Here in the Northeast, the seasons are changing. The leaves have fallen, and the mornings are crisp, which means it’s that time of year when CISOs must focus on the cycles of the business: budgeting, regulatory audits, risk mitigation, year-end reviews. It’s a time for taking stock of the good, the bad and the ugly of the past 12 months and setting the stage for a productive and secure year ahead. We know you have a lot to consider, but here are three items we hope you have on your list of to-dos:
- Completing Regulatory Requirements. Did you complete your audits for the year – PCI, NIST, ISO, HIPAA? If not, get on that before the year is done! If so, great job. Now set the stage for any remediation that might be needed in the coming year. If a penetration test is needed, is it done? If not, schedule one ASAP.
- Evaluating Your External Network. Do you know your external network risk? Maybe the year got away from you and the testing you meant to complete was never done. If nothing else, make sure you have evaluated your organization’s external network and public footprint. Even if no major changes were put in place this year, the external network should always be evaluated, scanned and penetration tested annually. If mitigations are needed, make plans to put them into place soon.
- Assessing Your Security Staff. Have you assessed your team’s capabilities and gaps this year? Maybe you are lacking in threat intelligence personnel, or the security compliance position has been vacant for some time and you are just making do. Maybe you need a security team to help fill in with technical validation and internal penetration testing (like us). Whatever the need, now is the perfect time to set the stage for the upcoming year. Move team members around if needed, but make sure the major areas of risk and responsibility are covered, whether internally or with a vendor’s help.
As the year closes out and you set the stage for a safe and effective year ahead, let us know if we can help!