How can businesses rethink cybersecurity by working through a trusted baseline?

Hundreds and thousands of vendors compete for money in the cybersecurity industry, offering various solutions to distinct challenges. Since the DoD has made CMMC and DFARS mandatory, the demand for professionals providing managed IT services for government contractors has gone up.

With so much noise, it’s difficult for cybersecurity teams to grasp their alternatives, let alone make sound judgments.

In his book, The Paradox of Choice, Barry Schwartz, an American psychologist, argues that removing customer choices may considerably reduce buyer anxiety. When you apply that to cybersecurity, you may add a new dimension. Reducing cybersecurity leaders’ options not only reduces worry but also improves results, as measured by the ability to maintain adequate service levels.

It’s easy to overlook the cybersecurity industry’s youth. Our sector is still in its infancy compared to the more developed field of IT operations, even though many of us have been working extremely hard for a couple of decades to protect our organizations from cyber threats.  

Change management is a straightforward procedure:

Establish a reliable benchmark for what is permissible in our environment.

Changes from the baseline should be tracked and managed.

When this principle is applied to cybersecurity, the benefits are apparent. We’ll go a long way toward ensuring the reliability, security, and confidentiality of our systems, resources, and information if we can create a trustworthy baseline of what is allowed—files, users, activities, and so on—and then block anything else.

Physical Security Can Teach Us A Lot

Particularly in comparison to other fields like managed IT services, one of the weirdest aspects of cybersecurity is the emphasis on detecting and avoiding bad things.

When guarding a physical place, you’re not likely to try to track down every individual who isn’t authorized to be there. That would swiftly deplete your resources and accomplish nothing. Instead, you’d create and manage a list (baseline) of everyone who needs to be there and use a control mechanism to verify that only those individuals are admitted.

This system isn’t ideal, of course. Someone who was expected to have access is sometimes denied entry. This is simple to handle. The person who has been barred from entering just informs the guard why they should be allowed in, and it is promptly validated (or not). ‘Managing by exception’ is the term for this method.

Some people, on the other hand, will try to push their way in. This is also simple to manage by exception. The security officer will notice the issue and capture the perpetrators.

Most public talks on cybersecurity fundamentals take a different approach.

Blacklists are used by most cybersecurity measures to try to recognize and block all conceivable ‘negative stuff.’ Instead of keeping a limited list of allowed things, information security teams keep a massive list of things that aren’t allowed and keep an eye on it all the time.

This method is sluggish and reactive, and it overlooks dangers that haven’t been observed before.

What Makes A Reliable Authoritative Baseline?

All resources, file hashes, system settings, and other items authorized to exist in an environment are included in a trustworthy baseline. A baseline incorporates best practices from reputable sources such as CIS Benchmarks and DISA STIGs, in conjunction with the information established by the organization.

This data is used to create an organization’s recognized baseline. Once the baseline has been established, the organization may keep track of changes to ensure that they are in accordance with the baseline. If they don’t, they can be prevented at the source, rapidly remedied, or allowed and incorporated into the baseline if the modification turns out to be safe.
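A minimal sketch of the baseline-and-drift workflow described above, added here as an illustration and not taken from the original article: it hashes a directory tree, reports everything that deviates from the approved baseline, and folds one reviewed change back in. The function names and sample files are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root: Path) -> dict[str, str]:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def drift(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every deviation from the baseline; anything listed is not allowed yet."""
    return {
        "unapproved": sorted(set(current) - set(baseline)),   # present but never approved
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),     # approved path, new content
        "missing": sorted(set(baseline) - set(current)),      # approved but gone
    }

def approve(baseline: dict[str, str], current: dict[str, str], path: str) -> dict[str, str]:
    """Manage by exception: after review, fold ONE change into a new baseline."""
    updated = dict(baseline)
    if path in current:
        updated[path] = current[path]   # accept a new or modified file
    else:
        updated.pop(path, None)         # accept a removal
    return updated

def demo():
    """Build a constructed tree, baseline it, change it, and report drift."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "app.bin").write_bytes(b"constructed sample binary")
        baseline = snapshot(root)
        # Constructed changes: a weakened setting, a new file, a deleted file.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "new_tool.sh").write_text("#!/bin/sh\n")
        (root / "app.bin").unlink()
        current = snapshot(root)
        before = drift(baseline, current)
        # The removal of app.bin is reviewed and accepted; the rest stays flagged.
        after = drift(approve(baseline, current, "app.bin"), current)
        return before, after

if __name__ == "__main__":
    for report in demo():
        print(report)
```

Only the reviewed change leaves the report; the modified setting and the unapproved file remain flagged until they are remediated or explicitly approved.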
