The Coronavirus crisis places a heavy burden on the CISO: a mass transition to remote working, coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors unintentionally add to this burden by relentlessly generating noise in the form of attack reports, best practices, tips, and threat landscape analysis. The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through this noise, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.
The Coronavirus quarantine forces us to face a new reality. It is critical to acknowledge this new reality in order to understand how to successfully confront these changes. Make no mistake – these changes apply to any organization, regardless of its former security posture.
For example, an organization with a high maturity level that routinely monitors its users' behavior to detect anomalies must now alter its policies to adjust to the mass remote workload. On the other hand, organizations with lesser maturity that could contain the risk of not placing advanced protection on their email systems and endpoints now realize that they have a critical security gap that must be addressed.
The CISO Checklist for Secure Remote Working breaks down the Coronavirus-derived changes in reality and maps them to concrete checkboxes. It's important to point out that the checklist does not dive into the actual implementation, since that can be carried out in multiple ways depending on the internal policies and preferences of each organization.
The CISO Checklist for Secure Remote Working is built on five pillars: