What is security?
Kiemele defines security as “protecting confidentiality, integrity and availability of data.” In order to do so, it’s necessary to understand your reasons for implementing device security measures; this could be the need to follow regulations, respond to a security breach or keep up best practices.
You also need to be familiar with the types of threats your organization faces. This could involve:
- Cloud vulnerabilities: Cloud implementations can be daunting, but there are tools available to secure them.
- Malware: Because of potential for wide-spread damage, malware prevention is critical.
- Phishing: This is one of the most common attack vectors.
- Social engineering: Sometimes it’s simpler to gain information by exploiting goodwill.
Security frameworks and compliance
It can be helpful to use established frameworks to manage your security risks. Kiemele dives into the NIST cybersecurity framework:
- Identify: Take inventory of assets
- Protect: Implement safeguards for your assets
- Detect: Identify unauthorized actions
- Respond: Contain and mitigate impact of security events
- Recover: Restore full functionality following a security event
Compliance with regulations is critical not only for security and building trust with your customers but for preventing being hit with fines and lawsuits. There are a number of standards that can act as a starting point in your security approach. For example, if your company processes payments on a large scale, you need to ensure you are meeting PCI DSS. If you are a public company, you are responsible for upholding SOX compliance. Or if you carry healthcare information, you must follow HIPAA standards. Understanding what these regulations require and ensuring you meet those standards is an excellent starting point for securing your systems.
Risk mitigation strategies
It’s impossible to eliminate risk. Rather, you should aim to calculate risk scores proportional to the probability and impact of an attack. This, along with knowing the cost of mitigation vs. the value of the assets you are securing, allows you to prioritize how to protect your organization.
Kiemele goes into a number of risk mitigation strategies, including:
- Endpoint security solutions
- Network detection
- Access controls
- Password policies involving MFA and SSO
- User training
In particular, identity and access management involving MFA and device management software can provide a simple but effective part of your security solution at a lower cost.
Register for JNUC for on-demand access to our sessions.
Have market trends, Apple updates and Jamf news delivered directly to your inbox.