Managing IT Configuration Drift, Controls and Risk


In less than a week, all the configuration controls, permissions and entitlements that IT spends time testing are useless. The simple fact is that they are quickly changed through normal use, whether as a side effect of other changes, by accident or intentionally.

Known as configuration drift, the problem affects every technology stack used by organizations, from outsourced cloud-computing applications to web applications and databases, underlying systems and networks, laptops, PCs and mobile devices.

Unfortunately, the unseen and unknown changes to technical controls are the very foundation of the next business disruption, or unauthorized access to applications, information and interconnected IT assets.

Patching: One possible solution?
There are many workarounds that can provide a temporary solution until patches are available. Then there's the ubiquitous Microsoft Patch Tuesday, as well as patches from other suppliers, all of which must be scheduled, applied and tested. In other cases there are no temporary solutions, and hard tradeoffs have to be made between convenience, exceptions and increased risk profiles. The sad fact is that most organizations sit on patches for months before applying even those deemed most critical.

Detect and prevent: the other solution?
Detect and prevent can only be achieved if IT assets are instrumented to provide information from logs and events, IT assets are inventoried, continuous assessments are routine, and visibility into the problems and risks is quantifiable. The reality is that only one in ten organizations are proactively using these kinds of IT GRC tools.

In truth, different procedures and controls are more — and less — effective, under different circumstances, and some procedures are clearly more important than others.

The new Assessments@ITPolicyCompliance enable you to determine which procedures for managing technical controls are leading to the best outcomes, measured against the real-world practices of more than 4,000 other organizations.

Visit: to find out more

Find the answers to how your practices for managing technical controls compare with others, including:
• Your industry
• Your peers, and
• Best performing organizations

The practices covered by the Management of Technical Controls include:
• Whether IT assets are identified and classified
• If access to IT assets is segmented or otherwise limited
• Whether unauthorized access to IT assets is detected or prevented
• If audit trails and configuration settings are monitored
• Whether IT assets and configuration settings are tested
• If evidence from audit trails and configuration settings is gathered
• Whether gaps in technical controls are remediated and documented
• If IT assets are hardened
• Whether an inventory of IT assets is centrally maintained
• If your procedures are automated sufficiently

Visit: to find out more

Specific to your industry and the size of your organization, the confidential and free assessment delivers immediate feedback on how well, or poorly, your practices for managing technical controls compare with those of your industry, your peers and the best performing organizations.

More importantly, the intuitive risk-index of the Assessments@ITPolicyCompliance enables you to quickly identify changes that will:
• Increase the value delivered by IT
• Reduce business downtime
• Reduce data loss or theft
• Reduce the time and money spent to pass and sustain audits

Who should be interested: managers in IT security and operations, audit, risk, and compliance

Time to value: minutes

Regardless of size or industry, most organizations are continuously looking to improve operational effectiveness across all functions, and IT is no exception. Assess yourself and your organization today with the Assessments@ITPolicyCompliance.

Additional reading:

Automation, Practice and Policy in Information Security for Better Outcomes

Business Continuity in the Real World

Don’t Fall for the Old Saw of Patch Management

