Walk before you run: Baseline controls and paths to cybersecurity maturity
By Gregory Moore
Are you a seasoned IT pro who’s been tasked with handling security for your organization? Are you a brand-new CISO awash in a sea of security products and vendors? Or maybe you (finally!) received additional resources and management’s approval to “do something” about cybersecurity. Whichever the case, you look out over your environment of legacy systems and hardware, policies, multiple frameworks, and compliance requirements and ask yourself: Where do I begin, and how do I know that’s the right place?
On October 22, 3pm ET, Josh Drake will present “Walk before you run: Baseline controls and paths to cybersecurity maturity.” Register >>
ResearchSOC: Give us a preview of your presentation and what your goals are.
J.D.: Since the talk is about baseline security controls, we came up with the title “Walk before you run.” The idea behind this one is that people can come and get an idea of where they need to begin building a cyber defense or cybersecurity program at their organization.
Regardless of whether they’re building it from scratch, or they have something that they’ve cobbled together that’s not working as effectively as they’d like, we’re going to provide a basement–level foundation for them to start building and maturing a program.
Our goal for the presentation would be that anyone coming to the talk would come away with a clear picture of where they have existing holes that they need to fill before they start building on top of that. And then the other goal is that people would see that perhaps they have a lot of these baseline controls in place already and then see how they can mature them to be more effective.
We have three different levels of implementation that the controls cover. We’ll split them into 20 control groups. Control groups are divided into Implementation Group One and Implementation Groups Two and Three. We’re going to focus on groups one and two, but mostly on group one. We also provide some sort of maturation and evolution steps for people that have completed group one and would like to improve and move into the next group.
Josh Drake is a senior security analyst at the Indiana University Center for Applied Cybersecurity Research (CACR), working with ResearchSOC, Open Science Grid, and Trusted CI (the NSF Cybersecurity Center of Excellence). Over his 15–year career, Josh has worked in applications support, project management, systems analysis, and network and systems administration across several industries including municipal government, energy, and healthcare.
The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email firstname.lastname@example.org.