In order to successfully protect their systems and information, cybersecurity professionals must demonstrate a high degree of situational awareness. This type of awareness takes time to cultivate, because it usually develops through experience within a specific organization.
Each organization has its own distinct culture, which means that conditions vary widely from one organization to another. Therefore, it is critical for cybersecurity professionals to have an awareness of the environment in which they operate.
Situational Awareness is defined as:
“Within a volume of time and space, the perception of an enterprise’s security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future.” [CNSSI 4009].
Central to this awareness is an understanding of key business and technology factors that affect information security. Numerous factors, both internal and external, can directly impact an organization and its security needs, including:
Business plans and Business environment.
You have to be aware of the nature of the business, the risk tolerance and the security profile of your company; security trends in your industry; mergers, acquisitions and partnerships (consider type, frequency and resulting level of integration); outsourcing services or providers, etc.
Available information technology, security process or systems in particular.
You have to be fully aware of the platforms and technologies used, internal and external network connectivity, the level of complexity of IT systems, the operational support available, user communities and capabilities, new or emerging security tools, etc.
Both of these factors tend to be situational in nature, as every organization faces its own unique challenges and
risk based on the nature of its business. Business environment in particular tends to drive risk decisions. For
example, a small start-up company may be much more tolerant of risk than a large, well-established corporation.
Therefore, it can be helpful to reference these broad criteria when evaluating the drivers affecting the security of a specific organization.
IMPORTANT NOTE:
One aspect introduced within NIST IR 7756 is CONTINUOUS MONITORING, which is defined and presented in an architectural diagram. The diagram presents the interrelation and ecology of the multiple layers of continuous monitoring elements.
It is important to keep in mind that the given diagram is an information flow diagram and does not represent any specific technology solution.
“Continuous monitoring is ongoing observance with intent to provide warning. It is the ongoing observance and analysis of the operational states of systems to provide decision support regarding situational awareness and deviations from expectations.”
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...