Analecta Cyber Company Blog: Ensuring Accountability: Define Detection Roles and Responsibilities



Sound detection processes make a world of difference when it comes to making your organization more secure. Technical solutions, such as firewalls and antivirus software, take on much of the hard work, but it is also important to clearly define detection roles and responsibilities. Assigning a named person to these clearly defined roles and responsibilities increases detection and process efficiency, and ensures accountability in case the process fails.

Who’s responsible?

The primary goal of the Detect Category of the NIST Cybersecurity Framework (CSF) is to enable the timely discovery of cybersecurity events. The CSF further delineates this category into three subcategories with the supporting goals of:
  • Ensuring anomalies and events are detected and that you understand the potential impact of these events
  • Implementing continuous monitoring capabilities across your information systems and assets that will identify cybersecurity events and verify that your protective measures are effective
  • Maintaining detection processes and procedures and testing them to ensure that you are aware of anomalous events

To accomplish these three goals, you need to have the right people with the right knowledge in place. For a better idea of some of the specialized knowledge that you may need, consider an employee or multiple employees who are familiar with:
  • Network baselines for your specific business
  • How to identify a cybersecurity event based on sensor data
  • Network monitoring capabilities
  • Malicious code analysis
  • Penetration and detection testing
  • Detection process improvement

Small and medium-sized businesses may not have the resources for a fully staffed IT shop, but one role should be considered a critical fill: Chief Information Security Officer (CISO). This person is responsible for ensuring that your organizational assets and supporting systems are secure. It doesn’t matter what type of business or organization you have; all businesses have some sort of data, and protecting that data is an important task.

Who in your company is managing your cybersecurity efforts? If it is the CEO, the multi-hat-wearing sysadmin or no one, we need to talk! A dedicated Chief Information Security Officer (CISO) is crucial in designing and retaining a secure posture for the entire company.

Improving accountability

Whether you have a full cybersecurity team with individualized roles or a lone CISO, keep looking for ways to improve your security posture. Take the time to test your team’s performance under realistic conditions. NIST recommends organizations employ assessors or assessor teams to conduct security control or risk assessments. This will give you an impartial look at how well each person is performing their role. You can use your own employees to conduct the assessment or a contracted team, but if you use your own employees, it is important that assessors do not assess their own work.

Design your assessment to progress through the entire detection process, not just where human interaction is required. Network data flow and baseline analysis depends on both humans and IT devices. If you only assess how well a human looks at data anomalies, you may miss that a sensor is not viewing network traffic along a certain segment.

On the other hand, if you are assessing how well a technical solution (for example, antivirus software) performs its job, know who is responsible for keeping the software updated and performing at its peak. An antivirus that appears to be functioning correctly but has out-of-date virus definitions can be a severe vulnerability.

Starting point

For more information about the Detect category of the CSF, here are some additional Analecta Cyber blog articles:

About that independent risk assessment?

Analecta Cyber has devised a 96-point Cyber Risk Assessment that asks tough, realistic questions that can identify the most critical next steps in your firm’s cybersecurity program to maximize protection. The Analecta Cyber Risk Assessment, which is based on the NIST CSF, is designed to enable small and medium-sized businesses to minimize or even eliminate the risk of data breaches that can cause customer loss, reputational damage and severe bottom-line impact. For more information about the Cyber Risk Assessment and other ways to protect your business, email us at or visit our Cybersecurity website.

Analecta Cyber is a Maryland-based cybersecurity firm providing cyber risk assessments for small and medium-sized businesses. Analecta is a trusted partner to help companies achieve their cybersecurity objectives.
