Cybersecurity Monitoring + Remediation + Compliance = One Platform
In highly regulated markets such as financial services, health care, or government ;) cybersecurity risk management and compliance are becoming a serious issue. With escalating cyber threats and regulatory oversight, firms are coming under increased pressure to demonstrate their cybersecurity posture and enforcement practices.
Too often, we see firms saying the following:
"I am doing great in cybersecurity because we recently purchased a Fortinet firewall."
"...we use Sophos so we are doing great."
"Check out our Red Team End Point protection suite from Secureworks..."
And my all time favorite...
"All my data is in the cloud so there... Problem Solved!"
Let's not get this twisted, folks. These are all great tools and if you have the budget, by all means, go ahead and buy all these products! (And, I am not even going to respond to the last quote. If you still haven't got it, please read my previous blog posts...)
At Entreda, we believe that the "culture of compliance" begins with People, then Processes, and then Technology. More specifically, there are 3 questions firms must be able to answer:
1. Do you have your most recent, written information security policy (WISP)?
2. Can you demonstrate proof of implementation and awareness by staff?
3. On a specific date or during a specific period, can you demonstrate that a certain item documented in your WISP was actually implemented? (Harder than you think!)
One last thing...
"It's easier to prove things you are doing...but it is extremely hard to prove things you are NOT doing!"