Explore steps to implement security controls
1. Explore steps to implement security controls
A critical part of your job as a cloud security professional will be implementing security controls to reduce risk and maintain compliance. There are many choices for controls, so it’ll be important for you to think of your organization's needs and potential risks when choosing and implementing them. In this video, we’ll give you some steps you can follow to implement security controls and develop an implementation plan so you can be successful in your role. So, let’s get started with the steps to implement security controls. The first step is to identify controls. It's helpful to start with threat modeling to identify the controls you should implement. That way, you can identify a specific threat and choose the best control to eliminate it or reduce the risk. Imagine that you’ve identified a potential account spoofing threat, which is where a threat actor disguises their identity. So, you decide to implement a second-factor authentication using a physical security key as a control to mitigate the risk of spoofing. The second step to implement security controls is to develop the implementation plan. During this step, consider whether the entire organization needs a physical security key, or if only certain groups, like executives, remote workers, or highly privileged accounts need security keys. Since the majority of your organization works remotely and needs to access sensitive data, your team determines that physical keys should be required across the organization, including contractors and third-party vendors. You and your team will next need to develop policies and procedures for implementing the control. It’s also important that employees and contractors are aware of how to get and use a security key, and what is expected of them. So your team will need to develop policies around implementing this control. Also, be sure that everyone knows how to reach the appropriate people in case of questions, clarifications, or incidents. You’ll also need to ensure that you have the budget to buy all the keys. The third step to implement security controls is to accurately test and validate the security controls your team deployed. This step is important to truly determine whether an environment is secure. To test and validate a physical security key, you can use reports to measure and track your users' enrollment in two-step verification with a security key. That way, you can check user enrollment status, the number of security keys, and enforcement status. Enforcement status refers to how and if the two-step verification is being enforced within an organization. Each user can also verify they can sign in with their own key. After you’ve implemented and tested each control, continue to the fourth step, monitor and maintain the control’s effectiveness. Your team will also make adjustments as necessary. The fifth and final step to implement security controls is to record the process in the team’s security plan document. These actions include the security control selection and implementation process. This document is useful because it will explain the why and the how for implementing security controls. This documentation is also essential for communicating how controls relate to your organizational risk management and compliance goals. Implementing controls is an ongoing process and an exciting part of being a cloud security professional. In your role, you’ll continually strategize to mitigate threats and work with people throughout your organization to ensure proper deployment and use of controls.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.