Blog

SGRC systems: Compliance as an obligation, part 2

Issue input

During compliance assessments, auditors inevitably record a certain number of violations.

The main mistakes that can be made at this stage are:

– Treating a violation/issue as just another text field to be filled in during the audit.

– Treating issue input as the ultimate goal of the audit.

Why should every detected issue be treated as a separate entity within the audit framework? First of all, for proper monitoring, each issue must have at least the following attributes:

– Status

– Creation date

– Elimination deadline (target date)

– Author

– Responsible staff

– Completion date (actual).

This is already more than can comfortably be stored in one, two, or three text fields. However, the list of required attributes does not end there. For each issue it is also important to record:

– For which asset was it raised?

– In the context of which audit?

– Which requirement was violated?

– What evidence of the violation was attached?
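As an added illustration (not code from the original post or from any Defensys product), the sketch below models a finding as its own entity with exactly the attributes listed above, enforces a few invariants a free-text field cannot (evidence must be attached, the deadline cannot precede creation, status follows a lifecycle), and shows the kind of monitoring query this structure makes possible. The status values, the transition rules and the sample findings (including the requirement identifiers) are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from enum import Enum
from typing import Dict, List, Optional


class Status(Enum):
    OPEN = "open"
    IN_PROGRESS = "in_progress"
    CLOSED = "closed"


# Permitted status transitions (assumption for this example). A closed finding
# cannot be reopened: a recurring violation becomes a new finding, so the
# history of the original one stays intact.
ALLOWED_TRANSITIONS = {
    Status.OPEN: {Status.IN_PROGRESS, Status.CLOSED},
    Status.IN_PROGRESS: {Status.OPEN, Status.CLOSED},
    Status.CLOSED: set(),
}


@dataclass
class Finding:
    """One detected violation, stored as its own entity rather than free text."""
    finding_id: str
    audit_id: str          # in the context of which audit
    asset: str             # for which asset it was raised
    requirement: str       # which requirement was violated
    author: str
    responsible: str       # who must eliminate it
    created: date
    due: date              # target elimination date
    evidence: List[str] = field(default_factory=list)   # attached evidence refs
    status: Status = Status.OPEN
    completed: Optional[date] = None                    # actual completion date

    def __post_init__(self) -> None:
        if not self.evidence:
            raise ValueError(f"{self.finding_id}: a finding must reference evidence")
        if self.due < self.created:
            raise ValueError(f"{self.finding_id}: due date precedes creation date")

    def transition(self, new_status: Status, on: date) -> None:
        """Move the finding to a new status, enforcing the lifecycle rules."""
        if new_status not in ALLOWED_TRANSITIONS[self.status]:
            raise ValueError(
                f"{self.finding_id}: {self.status.value} -> {new_status.value} not allowed")
        if on < self.created:
            raise ValueError(f"{self.finding_id}: status change dated before creation")
        if new_status is Status.CLOSED:
            self.completed = on
        self.status = new_status


def overdue(findings: List[Finding], today: date) -> List[Finding]:
    """Unresolved findings whose target elimination date has passed."""
    return [f for f in findings if f.status is not Status.CLOSED and f.due < today]


def open_by_requirement(findings: List[Finding]) -> Dict[str, int]:
    """How many unresolved findings each requirement still has."""
    counts: Dict[str, int] = {}
    for f in findings:
        if f.status is not Status.CLOSED:
            counts[f.requirement] = counts.get(f.requirement, 0) + 1
    return counts


def sample_findings() -> List[Finding]:
    """Constructed sample data for one audit (not real audit results)."""
    f1 = Finding("F-1", "AUD-2023-01", "srv-db-01", "ISO27001 A.9.2.3",
                 "auditor1", "dba-lead", date(2023, 3, 1), date(2023, 3, 31),
                 evidence=["screenshot-admin-accounts.png"])
    f2 = Finding("F-2", "AUD-2023-01", "srv-web-02", "ISO27001 A.12.6.1",
                 "auditor1", "web-ops", date(2023, 3, 2), date(2023, 4, 15),
                 evidence=["scan-report-2023-03-02.pdf"])
    f3 = Finding("F-3", "AUD-2023-01", "srv-db-01", "ISO27001 A.12.6.1",
                 "auditor2", "dba-lead", date(2023, 3, 2), date(2023, 3, 20),
                 evidence=["patch-level-export.csv"])
    f2.transition(Status.IN_PROGRESS, date(2023, 3, 10))
    f3.transition(Status.CLOSED, date(2023, 3, 18))
    return [f1, f2, f3]


if __name__ == "__main__":
    today = date(2023, 4, 5)
    fs = sample_findings()
    print("overdue:", [f.finding_id for f in overdue(fs, today)])
    print("open per requirement:", open_by_requirement(fs))
```

Because every finding carries its asset, audit, requirement and evidence as structured links, the same records can be sliced by responsible person, by asset or by requirement without re-reading audit reports, which is precisely what a handful of free-text fields does not allow.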


Defensys releases the update for Defensys TDP

Defensys has updated Defensys Threat Deception Platform (TDP), its platform for emulating IT infrastructure components. The vendor added SCADA and Linux FullOS traps to the existing set and expanded the list of lure templates.

The number of cyberattacks aimed at critical infrastructure rose sharply in 2022, and the consequences of such attacks can be severe: leaks of confidential information, financial and reputational losses. With this in mind, Defensys developed a SCADA trap and added it to the latest TDP version to help detect threats in the infrastructures of industrial companies. Users can now create fake PLCs (programmable logic controllers), the key automation elements in process control. In this way Defensys TDP now detects attacks aimed at very specific assets in both the IT and the OT segment.

The second new trap is Linux FullOS: an emulated full virtual machine running a Linux-based operating system, placed in the chosen network segment. This trap type can serve as the base for creating many fake network elements tuned to a customer's specific needs. In addition, users now get lures in the form of saved browser credentials in MS IE and MS Edge Legacy.


Cybersecurity Digest #70: 07/03/2023 – 21/03/2023

Cybersecurity news


SGRC systems: Compliance as an obligation, part 1

Compliance

Audit management is the most classic application of SGRC systems. It answers the question:

What is going on with information security now?

Conducting compliance audits is both an obligation and a right of organizations.

It is no coincidence that the functions implemented by systems of this class appear in almost every standard and framework that governs how cybersecurity systems are built.

Compliance as an obligation

On the one hand, organizations are always subject to a number of laws, regulations and normative documents. These are the driving factor behind the birth of an organization's audit management process. The problem that comes to mind first is the need to produce reporting documents on the results of audits. However, that is only the tip of the iceberg.

The audit process includes four basic steps, which broadly correspond to Deming's PDCA (Plan – Do – Check – Act) cycle. Let us analyze each of these steps.

Planning

At this stage, the organization plans the list of necessary actions and defines the objects to be audited and the requirements they have to meet.


SGRC systems: Prerequisites for the appearance of technology

Today most organizations fortunately no longer face the question "is it worth implementing information security solutions?" The importance of information protection has become an axiom, and there are many offerings on the cybersecurity market that cover the needs in various areas – SOAR, SIEM, etc.

At the same time, the information security solutions implemented in organizations usually line up in a pyramid of tools.

However, when this whole variety of security tools and solutions is implemented in a fragmented way, companies face the following challenges:

  • Lack of a single tool for centralized collection of information security data from multiple sources.
  • Lack of transparency in the information security management process.
  • Lack of resources in the information security department to coordinate all the products.
  • The difficulty of communicating the importance of information security to the business.

Thus over time, organizations realize that the mere availability of a wide range of software does not guarantee a well-functioning information security management process.

It requires collecting and aggregating information about the state of information security, analyzing it properly, being able to apply it correctly, and most importantly, clearly communicating to the business the importance of the entire information security management process.
