Effective information security depends on the right recipe, tools and 'baker'.
This is according to Manuel Corregedor, COO of Telspace Systems, speaking at the ITWeb Security Summit in Midrand yesterday.
Likening information security to baking a cake, Corregador said: "First, you need the recipe, which raises the question of which [security] framework to choose."
Security frameworks, tools and skills deployed in an organisation need to be appropriate to their context: world-class massive systems are not necessary for SMEs, while large enterprises need much more than just the basics.
"You need to choose the right standard for yourself, one that is appropriate for your context. The NIST Cybesecurity Framework standards, for example, cover everything, but it's a massive framework and it might be too much for an SME to implement and manage. Everyone needs to understand the framework, so it's important to choose the right one to secure buy-in."
A successful information security recipe also required a skilled 'baker', he said.
"You need the skills in place first, so you know what tools need to be bought to work for your environment and solve your problems. The person responsible for driving infosec decisions must also be chosen in line with the context, but they also need to be passionate about infosec, up to date with what's happening in the world of cyber security, and have the right level of skills and experience," he said.
On the right tools, Corregador advised that companies resist the urge to buy all the latest technologies and expect them to protect the environment.
"Don't just throw out what you have," he said. "Use tools that are right for the context, make sure the tools you have in place are actually turned on, patches are correctly applied, and strong passwords and two-factor authentication are in place. Stop testing the same thing over and over, and run penetration tests and vulnerability assessments," he advised.
Share