Information Security in a Technology Dependent Age

By: Nelson Lubinda, CISSP, CCNA Security, GCED, CEH
Visual Connections Senior Cybersecurity Engineer

The overall goal here is to provide useful insight that will help readers manage an information security program and continuously protect organizational data from data loss and malicious activities. Meeting regulatory requirements, while improving defenses and mitigating losses without stifling the core business operations is critical in our current technology-dependent age.

The right talent. Often, skills required in information security grow and change rapidly as organizations scale and technologies evolve. Therefore, having a hybrid well rounded adaptive cybersecurity professional is essential. Generally, a professional who can find weaknesses is often a different breed than one focused exclusively on building defenses. Developing both sets of such skills takes a long time, requires multiple certifications, and costs a lot of training and certification dollars. Having such an individual with an eye for both offensive and defensive approaches to assure compliance and avoid disruption on a team, project, or program improves not only the quality of work but also increases the confidence of developers, project managers, and other supporting staff on a project.

Implementation. When implementing programs, it is essential to have real-time security integrated contribution from concept, inception, and post-implementation representation. Therefore, security must be applied at every step of the program and not inserted as an afterthought. Executives and stakeholders need to be careful in this implementation phase; cookie-cutter decisions can cost an organization more money in the long run. Be aware that relying solely on outside consultants, who usually don't have a complete understanding of a program, could be risky. All consultants must have a thorough knowledge of historical and current organizational business requirements, the culture, and organizational structure.

Current industry trends. Unlike a decade ago, cybercriminals are motivated by financial and intellectual property gains. Some are corporate, foreign government, and rogue regimes sponsored. They are well funded, organized, sophisticated, and focused.  On the rise and ranking as the biggest threat is Phishing tactics via email targeting local governments and enterprises via ransomware attacks and pivoting to other entities, including private sectors and the Federal Government. Unfortunately, due to the advancement of technology, traditional bastion hosts no longer protect the perimeter. The attack surfaces and attack vectors are maximized because devices transcend these physical barriers. Therefore, the entire spectrum from active physical boundary defense to virtual and cloud environments defense becomes a tenant of Network Defense professionals where the endpoint needs to be contained and protected by multiple layers of protection all the time.

The emphasis is on adhering to Cybersecurity Programs and Policies meeting Federal Laws, Policies, Standards, State and Local Government Ordinances, Mandates, Trade, Corporate entities, and International Agreements (HIPAA, FISMA, FIPS, NIST, etc.). Meanwhile, adhering to Cyber Hygiene, relating to the practices and precautions users take to keep sensitive data safe and secure from theft and outside attacks is crucial. The Confidentiality, Integrity, and Availability of data axiom demands that security is not compromised in the effort of providing one of these services above. The industry is rapidly moving towards secure and compliant cloud environments, yet it all depends on USERS’ actions. Like personal hygiene, Cyber Hygiene must be applied by EVERYONE and ALL the time.

Through the Visual Connections (VC) Lens. As well as performing hands-on work, VC understands enough about underlying technologies and frameworks to help set security strategies, develop appropriate policies, interact with skilled security practitioners, ensure compliance, and provide measurable outcomes.  Protecting sensitive information is one of the cornerstones of the professional services that we provide. Usage and sharing of sensitive information are growing yet inversely Data Loss and theft are increasingly common and expose a greater risk with data usage. VC Understands that Information security breaches are costly and can cause reputational and legal concerns for the firm. VC stays well-informed with current trends on both fronts; Cyber Security and FISMA and other Federal obligatory requirements in the Health Information and Data Privacy need. VC protects Data, Information, Knowledge, and Intelligence/Wisdom as the core-competence of a business bane of existence.

VC Information Security Solutions & Support Services. VC can help new, current, and future customers by identifying the current threats against network infrastructures and building defensible networks that minimize the impact of attacks and recommending Access Tools that can be used to analyze a network to prevent attacks and detect the adversary.

VC has the experience and ability to securely integrate existing systems with compatible technologies and an aptitude to conceptualize the long-term needs of enterprise security application integration. VC augments the learning curve and implementation process by providing cyber expertise and protection while allowing customers to concentrate on their core business competencies. 

VC stays well-informed with current trends on all fronts, Cybersecurity, FISMA regulations, Obligatory
Federal requirements and mandates in the health information and data privacy needs. (HIPAA, PHI, PII, HIPS 140.2, etc.). Therefore, the entire spectrum from active physical boundary defense to virtual and cloud environments defense becomes a tenant of Network Defense professionals where the endpoint needs to be contained and protected by multiple layers of protection all the time. The overall goal is to manage an information security program that can continuously protect the organization data from data loss prevention through malware and malicious activities, meeting regulatory requirements while improving defenses and mitigating losses without stifling the business operations.