Government IT managers: how to foil attacks (with related video)
The reality for most local government IT managers is a mountain of potential cyber threats and a molehill of time, budget, and manpower with which to combat them.
Prioritization, therefore, is the operative principle—identifying which actions can best mitigate known attacks, address the widest variety of attacks, and stop attacks earliest in the compromise cycle. Essentially, it's the 80/20 rule: solidify protections against foreseeable threats, while providing security experts with the time—and the timely intelligence—needed to focus their energies on the unforeseeable.
Local government IT managers can get a head start on this strategy by following the SANS Twenty Critical Controls for Effective Cyber Defense, which map closely to the continuous monitoring controls in NIST Special Publication 800-53.
Specifically, we recommend focusing on the first five controls: hardware asset management, software asset management, configuration control, vulnerability management, and malware defense. These are, essentially, the minimum foundational requirements for continuous monitoring.
But one word of caution about aggregation: Too often, local governments seek out products to satisfy individual controls without considering a method for aggregating and analyzing the collective data. For this reason, Symantec recommends an implementation strategy that begins with the data aggregation layer. Not only can a centralized interface help users identify gaps and redundancies in their data collection processes, but it can also provide a single, central point of view for better risk management and threat remediation.
By creating a common platform to manage risk, leveraging existing third-party technologies, and turning disparate data streams into actionable intelligence, local government agencies can achieve a key milestone on the path to long-term risk management maturity.
And that’s really the point: Implementing security controls should be less a compliance exercise and more a part of a larger effort to advance your local government’s operational mission.
Mike Maxwell is national director of state, local and education (SLED) at Mountain View, Calif.-based Symantec.
Symantec protects information worldwide, and provides security, backup and availability products and services. Symantec's Public Sector organization provides a portfolio of solutions that help federal agencies, state and local governments and educational institutions access, manage and secure their information.
Security experts take part in a Symantec Cyber Readiness Challenge in this video. The event includes multiple simulated cyber attacks.