Are There Specializations in Computer Security?
In cybersecurity, it’s wise to specialize. Information security is not just about keeping the hackers at bay. There is a complete life cycle associated with risk management and the security process.
The smallest business organizations may have just one or two people hired to do cybersecurity. They cover as much ground as they can and outsource the rest. But large commercial enterprises—and the security firms that serve them—are supported by a number of functional specializations requiring different skill sets with different reporting responsibilities in the company.
Cybersecurity Policy and Architecture
Successful cybersecurity is not driven by hackers. Successful cybersecurity is driven by policy. And creating successful cybersecurity policies requires an experienced engineer, generally someone who has many years with the firm and many years in IT, to manage complicated tradeoffs.
This cybersecurity architect needs to be fluent in the language of company policy. The cybersecurity architect then translates company policy into business processes, data standards, and data structures. This staff person sorts through alternatives in policy and their corresponding architecture to find the best solution to predictable problems. And this staff person is familiar with many products, protocols, and exception situations, which is what it takes to come up with the best solution to unpredictable problems. As cybersecurity expert Dave Buster puts it, architects use frameworks to translate architecture into structures accessible to management.
Data Loss Prevention
Data loss prevention, also known as DLP, is the activity many consumers think of when they think of cybersecurity. DLP deploys security applications on servers and endpoints. In many settings, DLP involves connecting services on the back end to push out updates through an advanced client. The engineers involved in DLP keep the system up to date and troubleshoot conflicts between applications, for example, operating issues between new virus checkers. The DLP function ensures the security of data in databases and on servers. It maintains the all-important software that allows users to log in at the beginning of every shift. And it engages work staff on privacy issues and General Data Protection Regulation (GDPR) compliance.
Governance, Risk, and Compliance
Governance, Risk, and Compliance, also known as GRC, is the “security auditor.” Analysts performing this function identify and quantify risk, perform internal audits against generally accepted principles and best practices, and develop plans for disaster recovery and continuity. These professionals need a comprehensive understanding of the business because their assessment of cybersecurity risks must line up with senior management’s understanding of business risk.
GRC professionals check the work of other cybersecurity specialists against commonly accepted checklists such as the Payment Card Industry Data Security Standard (PCI-DSS). They themselves may hold certifications such as Qualified Security Assessor (QSA) and Internal Security Assessor (ISA). In companies in the United States, they may audit company cybersecurity standards against the Risk Management Framework (RMF). In all of these duties, they need to maintain clear and open communications with the rest of the company to be able to communicate their findings and needs for improvement until cybersecurity issues are resolved.
Identity and Access Management
Identity and access management, also known as IAM, works across all systems and all platforms to manage identification, authorization, and permissions. These are cybersecurity experts who understand usage and security issues on devices ranging from smartphones and tablets to desktops and servers to mainframes.
IAM professionals often also serve as enforcers across the entire company. In this role, they need to understand the nuances of policy implementation across the entire organization. They track the latest developments in biometrics and multi-factor identification. And they have to be fluent in the languages of cloud architecture and a myriad of protocols and technologies, OpenID and OAuth, for example, usually while working with smaller staffs than other cybersecurity departments. But because the most common attack on proprietary data targets user credentials, they have to be diligent in their jobs.
Penetration Testing
Even the largest companies usually outsource penetration testing. The penetration testing team intentionally attacks systems the same way a black hat hacker would. Obviously, internally sourced penetration testing puts interpersonal relationships under stress. It is awkward for penetration testers who know company staff to conduct “human engineering tests” in which they attempt to convince users to give up sensitive information. A dedicated externally sourced penetration team suffers no interpersonal pressures and is free to develop depth of expertise in testing techniques.
Incident Response
Even superior cybersecurity suffers occasional breaches. The Incident Response team detects and analyzes security breaches and prescribes appropriate action. That can be as simple as taking a computer or a device offline. In some situations the most effective response is running a suspect piece of software in a sandbox to determine whether it is malware. And some security breaches require much more drastic responses.
The professionals on the Incident Response team do more than detect threats. They conduct their work with knowledge of courtroom rules of evidence. The team needs to be able not just to show what an attacker did and when the attacker did it, but also to present these facts in a way that will withstand the scrutiny of the courts.
Secure Cloud (or Data Center) Management
Every company needs someone working hands-on on its cloud management or data center operations. This team is responsible for installing, configuring, and operating software and systems. This is the team that ensures the operation of intrusion detection, firewalls, and dedicated Hardware Security Modules (HSMs) that hold sensitive certificates and keys. Often known as Secure DevOps, this team manages database functions securely.
Secure Software Development
Some organizations write and sell software. Some organizations write their own software for internal use. Any company that writes software needs a team to test the product at various stages of development to keep vulnerabilities to a minimum. This team works closely with the cybersecurity policy and architecture team, both by inspecting code and by monitoring run-time behavior, to make sure applications are secure.
Fortune 500 companies have massive staffs dedicated to all of these cybersecurity functions. Smaller companies may have cybersecurity professionals filling multiple roles. And the smallest companies may need to outsource their entire cybersecurity function. But companies of all sizes can implement cybersecurity through the following three exercises.
Feign and train
One way companies of all sizes test their cybersecurity is to send out a simulated phishing email to see who takes the bait. Companies large and small use this technique to identify staff weaknesses and to minimize human error. People, not technology, are the most common cause of data breaches.
Even the largest companies usually outsource their cybersecurity risk assessment. Making sure IT networks and systems adhere to stringent security protocols to protect sensitive data is a task best left to outside audit. The cybersecurity audit report in turn can drive a clear plan of action for improvement.
Cyberattacks are inevitable. Vigilance and regular staff training are a must even when secure systems are in place. Management must be ready for attacks that get through by deciding in advance which services must be restored first, who will respond when a system is attacked, and how long a system can be allowed to stay offline.
These are functions that no company can afford to get wrong. Many companies are better served by outsourcing cybersecurity to specialists.
Should Your Company Outsource Cybersecurity?
Many companies simply don’t have the resources to do their own comprehensive cybersecurity. The “IT guy” can download antivirus software and maintain user credentials. The management team can develop credible cybersecurity policies but may lack the staff and resources to implement them. Or the company may simply need to focus on what it does best.
Most small to midsize organizations, both commercial and non-profit, are well served by outsourcing cybersecurity. Here are just a few of the reasons why.
Regulatory agencies can make cybersecurity lapses extremely expensive. There is no better example of this fact of business operation than the fines imposed by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services. Over the last five years, OCR has imposed fines totaling US $116 million on 75 companies for data breaches affecting patient privacy. And it isn’t just HIPAA (Health Insurance Portability and Accountability Act) violations that can become enormously expensive. Businesses regulated under SOC, PCI DSS, and GDPR are required not just to maintain cybersecurity, but also to document their adherence to mandated cybersecurity protocols. Regulators require companies to prove that they have taken proactive measures to protect their data, and courts will consider cybersecurity practices when assessing damages after a cyberattack.
Outsourcing cybersecurity gives you access to experts in the field. It is exceedingly difficult for small organizations to maintain the expertise needed to identify, classify, and correct major data vulnerabilities. It’s even harder for a small staff to keep up with the latest cyberthreats to which your organization may be vulnerable. Outsourced cybersecurity expertise keeps your company up to date against the latest threats and helps you respond to them quickly.
Outsourcing cybersecurity saves money. When you outsource cybersecurity, you don’t need to hire as many full-time staff with full-time salaries. You have a layer of liability protection against customer claims. You save money by suffering less of the downtime required to identify and respond to cyberthreats, and you can focus on doing what you do best.
Your cybersecurity contractor has probably seen it all. They deal with almost every kind of hack, malware download, and cyberthreat in the interconnected world. They are up to date and have current tactics and techniques to counter cybercrime.
Don’t pay the price for climbing the learning curve by attempting to do your own cybersecurity. Outsource with a cybersecurity provider you know and trust.