What Assumptions Are You Making?

Career, Critical Security Controls, cyber security, Security Published October 19, 2019

Assumption made of safe driving

What Assumptions Are You Making?

I used to make a lot of assumptions. I assumed I would get an alert if my security agents were not working correctly. Since no one said there was a problem with my security agents, I assumed everything would be okay. These are just a few assumptions I make daily as a cybersecurity practitioner about the security agents that protect my organization. While it is preferable to think everything is okay, it is much better to validate that assumption regularly. 

I have been fortunate to work in cybersecurity for many years and at several diverse types of organizations. During that time, I always found it helpful to check on the status of the security agents periodically. I have found with scheduling recurring calendar reminders; I can better validate the assumption that the security agents are working as intended. Specific areas of focus include confirming the security agent is installed correctly and performing the actions specified in the policy. 

Central monitoring consoles are a great place to start for security agents that have not communicated back to the console within an acceptable time. The output from the console can be compared to the Inventory and Control of Hardware Assets to ensure that every system has a security agent installed. Whether an automated or manual task, this practical step can help to validate your assumption. 

What assumptions can you validate today?

Think about your assumptions, and take action right away! By being intentional about validating the health of your security agents, you can do a great deal to validate the assumptions you are making.

One of my favorite questions is “How long can you stand to not know”. In this case, how long can you stand to not know when your security agents are not working as expected? If you get stuck, check out my earlier article and video from the Center for Internet Security on the Implementation Guide for Small and Medium-Sized Businesses

I would be failing you if I did not ask – What Assumptions Are You Making in your cybersecurity program? Let us know of your success in the comments section below! 

Want to get more cybersecurity information in your inbox? I would love to invite you to our email list, so you do not miss out on weekly events! 

4 thoughts on “What Assumptions Are You Making?

  1. Do you mind if I quote a couple of your posts as long as I provide
    credit and sources back to your site? My blog is in the very same niche as yours and my
    visitors would genuinely benefit from a lot of the information you present
    here. Please let me know if this alright with you. Thanks!

    Reply
  2. Pingback: Look in the Rear View Mirror - Security Ever After - CISO
  3. Pingback: Creative Hiring in Cybersecurity - Security Ever After - vCISO
  4. Pingback: Building a Cybersecurity Culture - Security Ever After - vCISO

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.