By today’s standards, integrity can be defined as the maintenance and assurance of the accuracy and consistency of the entire system—including data—over its entire life cycle. Managing integrity within an organisation is achieved through establishing foundational controls for:
- Asset management
- Configuration management
- Change management
- Vulnerability management
- Log management
If these functions aren’t controlled and integrated properly, an organisation will be vulnerable to security breaches regardless of the amount of money spent on other point solutions.
“Integrity management isn’t a new technology or a new product,” says Tim Erlin, VP Product Management, Tripwire. “It doesn’t address a single type of attack or issue. Managing system integrity is more foundational and results in a more holistic approach to addressing threats. By approaching cybersecurity from the perspective of ensuring system integrity, you can employ well-known, established best practices more effectively and you can evaluate new technologies more accurately.”
In addition, the current security environment has become better suited to utilising these types of controls, says Eugene Spafford, co-creator of the original Tripwire software release and executive director emeritus of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. “I think that security management has evolved to where we not only have a greater understanding of the threats, but increasingly security isn’t just placed on top of IT personnel. There is separation between those two responsibilities, with a separate set of controls and real consequences if those controls aren’t followed.”
A Move to Integrity
“As attackers innovate and threats evolve, security organisations need to re-examine the fundamentals of their information security programs to ensure that they are adapting to the realities of the evolving threat landscape and related risks,” recommends Mandiant in its 2017 M-Trends Report.
For CISOs, however, the hurdles to prioritising integrity within their security strategies involve more than just recognising the critical need for it. First, moving to a security strategy underpinned by foundational integrity controls requires a major shift away from the perimeter defense focus. Second, it’s hard to budget for a process like integrity management, especially when other executives are being bombarded with marketing hype on the latest threats and protective products available.
“The value of integrity management is fairly intuitive, but it does need to be explained clearly,” says Erlin. “There’s definitely a process of education that CISOs will have to provide to other business leaders within their organisation.”
Fortunately, the process of managing integrity is not an all-or-nothing proposition. Organisations can deploy integrity management solutions and processes in small steps. One way to get started is to embed information security into the foundational change management process and then strongly enforce that process. By doing so, writes Tripwire co-founder Gene Kim in Visible Ops Security: Achieving Common Security and IT Operations in Four Practical Steps, organisations can:
- Help assess the potential information security and operational impact of changes
- Ensure that change requests comply with information security requirements, corporate policy and industry standards
- Recommend alternatives for risky changes, instead of merely denying them
- Request changes needed to address information security risks
“When we do these things, we align ourselves closely with the responsibilities of our internal change manager, as well as third-party service providers, such as cloud providers, who may have their own change management organisation and processes,” Kim explains. “We position ourselves to help enforce the integrity of the change management process by ensuring that all changes are properly authorised and that unauthorised changes are detected and investigated appropriately. Moreover, we ensure that change management and security are integrated into all processes.”
By implementing foundational controls alone, organisations can prevent and detect 90 percent of all breaches, according to the IT Process Institute. Once these foundational controls are in place and as the organisation matures, additional control capabilities can be added.
While the integrity discussion is not necessarily easy and will inevitably require a shift in how CISOs think about their security investment, integrity management represents one of the most promising approaches to effective enterprise security both now and in the future.
Download the full whitepaper, “Security Execs, It’s Time We Had the Integrity Talk,” at https://www.tripwire.com/misc/security-execs-its-time-we-had-the-integrity-talk-register/.