
Manufacturer's Edge

Transforming Colorado One Company at a Time


Simply Cyber: Beating the Odds

Beating the Odds: One Chance in 9,223,372,036,854,775,808
By Jennifer Kurtz, Cyber Program Director

What are your odds for picking the perfect security bracket around your information and its supporting systems? Probably worse than the odds of crafting the perfect March Madness bracket, which some mathematicians calculate as one in 9.2 quintillion. And yet, you probably know someone who is willing to play the odds: an estimated $10 billion was bet on March Madness outcomes in 2017, according to the American Gaming Association [1]. As a comparison, US organizations spent about three times as much ($31.5 billion) on cybersecurity tools and services in 2016 [2]. Those betting on either should be using similar techniques for making their picks, starting with identification (also known as reconnaissance, which is also the starting phase for pragmatic hackers).

Reconnaissance is the essential information-gathering phase during which you identify the components of your information system. It requires taking a physical inventory of devices; a discovery inventory of software; a process inventory of automated scripts, system interfaces, and information transfers not readily visible; and a personnel inventory of access privileges. Although documenting your system inventory is time-consuming, you can’t protect what you don’t know you have—and can’t reliably detect, respond to, or recover from undesirable or unscheduled system changes. What you don’t know can hurt you.

Physical Inventory: Taking physical inventory is a familiar routine. Tools exist for automated network discovery that will make the first cut at listing IT assets easier, although you might still have to insert details about assets manually (e.g., useful life, vendor, registration/model/license numbers, repair and maintenance notes, known connected objects that were undetected). The general categories of physical IT assets include servers, routers, switches, hubs, wireless access points, printers, fax machines, sensors, UPS, cameras (e.g., surveillance), desktop phones, removable storage media, and small form factor/mobile devices (all that connect to the network, whether owned by the organization or by individuals).

Software Inventory: Recording software assets may reveal an environment that is excessively complex. Standardizing on software versions can simplify tasks related to technical support, whether they are related to end-user assistance, software patching, licensing payments, system maintenance, or technology refreshment.

Process Inventory: A process inventory is often recorded as a network diagram and/or information process flow diagram. Assembling the relevant information with good detail (and possibly historical knowledge) requires surveying data owners and data users to understand all creation, collection, retention, transfer, and sharing points for information. Remember when performing the process inventory that the “as designed” and “as built” information system (IS) environments may be inconsistent with the “as used” environments.

Personnel Inventory: Document all those who have access to different systems by individual user accounts, actual usage, and privilege level (what an individual account has access to, where and when access is permitted, and what activities are permitted).

Next Steps: Gather the information into simple documents, electronic and hard copy, with the latter stored securely—and at least one copy stored offsite. You may have already started to inventory IT assets as part of insurance, budget, tax, disaster recovery, incident response, or business continuity planning. Build on this IT asset inventory and update it regularly and as known changes occur. Performing both calendar-triggered and event-triggered updates can help close the information gap between what the inventory record says and actual usage. There are recommended follow-up evaluation steps for all of this inventory documentation that will be addressed in subsequent Simply Cyber issues.
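One way to run the calendar-triggered and event-triggered checks described above is to reconcile the inventory record against a network discovery pass. This is an added example, not part of the original article; the CSV columns, the sample devices, and the 180-day review interval are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: the inventory record as kept on file.
INVENTORY_CSV = """asset_id,mac,category,owner,last_verified
SRV-001,00:11:22:33:44:01,server,IT,2021-01-15
PRN-004,00:11:22:33:44:02,printer,Front Office,2020-03-02
CAM-010,00:11:22:33:44:03,camera,Facilities,2021-02-20
"""

# Constructed sample data: what a network discovery pass reported.
DISCOVERED = [
    {"mac": "00:11:22:33:44:01", "ip": "10.0.0.5"},
    {"mac": "00-11-22-33-44-02", "ip": "10.0.0.40"},
    {"mac": "00:11:22:33:44:99", "ip": "10.0.0.77"},
]


def norm_mac(mac):
    """Normalize MAC notation so 00-11-... and 00:11:... compare equal."""
    return mac.strip().lower().replace("-", ":")


def load_inventory(text):
    """Parse the inventory CSV into a dict keyed by normalized MAC."""
    rows = csv.DictReader(io.StringIO(text))
    return {norm_mac(r["mac"]): r for r in rows}


def reconcile(inventory, discovered, today, max_age_days=180):
    """Compare the record with observed devices and flag the gaps."""
    seen = {norm_mac(d["mac"]): d for d in discovered}
    return {
        # On the network but not in the record: investigate (event-triggered).
        "unrecorded": sorted(d["ip"] for m, d in seen.items() if m not in inventory),
        # In the record but not observed: retired, offline, or missing.
        "not_seen": sorted(r["asset_id"] for m, r in inventory.items() if m not in seen),
        # Not verified within the review interval (calendar-triggered).
        "stale": sorted(
            r["asset_id"] for r in inventory.values()
            if (today - date.fromisoformat(r["last_verified"])).days > max_age_days
        ),
    }


if __name__ == "__main__":
    print(reconcile(load_inventory(INVENTORY_CSV), DISCOVERED, date(2021, 3, 15)))
```

Each of the three findings maps to a follow-up: add or remove the unrecorded device, locate the asset that was not seen, and re-verify the stale record.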

Just as you wouldn’t squander your March Madness picks without knowing the 64 teams actually on the roster, you oughtn’t squander your cybersecurity resources—budget, personnel, energy—without knowing your environment. Identifying your IT assets is the essential first step to exercising due care and bettering your protection odds.


[1] http://bleacherreport.com/articles/2697846-march-madness-2017-70-million-brackets-104-billion-in-bets-expected

[2] http://fortune.com/2016/10/12/cybersecurity-global-spending/
