Enterprises and operators of critical infrastructure have long been on the front lines of cyber security. Most recently new threats have been identified through our Symantec Threat Hunter team, including Lazarus, Verblecon and Daxin. And of course the previous attacks forcing major service interruptions on large infrastructure.
More CEOs and boards of directors are taking direct oversight of cyber security to avoid becoming a victim of a crippling cyber attack. But putting plans in place to respond to cyber threats and establish controls that align with the organization’s overall business objectives, is often easier said than done. In their planning to get their security house in order, the task can be overwhelming. Indeed, despite the increased attention to corporate security, common vulnerabilities still leave most corporate networks open to breaches.
A Global Problem
Clearly, cyber security is a shared, global problem, one that demands a concerted, global response. Which is why the availability of a new framework to equip members with the proper training, services, and technologies marks a major advance.
The Cyber Defence Centre (CDC) framework is the outgrowth of collaborative work at the International Telecommunication Union (ITU), the arm of the United Nations responsible for all matters related to information and communication technologies. The framework that ITU delegates came up with isn’t just theoretical, it provides a scoring system to help CDCs determine how and by whom security services are implemented, including insourcing, outsourcing, or some combination of the two. It also indicates how a CDC should determine and implement security services to enable the security of an organization.
The framework establishes a state-of-the-art, multilingual, global governance approach that’s available to everyone.
The document gets granular at times - but that's what's needed – codifying the services will help accelerate or align capacity building efforts. The framework establishes a state-of-the-art, multilingual, global governance approach that’s available to everyone. With this document as their guide, organizations can lay out the build, management and evaluation processes that go into making a successful CDC. Ultimately, it removes any guesswork about what to do next.
Of course, there’s nothing mandatory here. Organizations are still responsible for setting their own policies and are free to decide how they want to allocate their resources. But for the first time, they can turn to a globally approved blueprint to step them through the process of everything from strategic management to incident response to their relationship with external parties.
A Common Language
Outsiders hearing about this for the first time may well ask themselves why organizations haven’t been able to figure this out by themselves. They do. But each organization is likely to go its own way. Indeed, when we ask CISOs to define what a SOC is or should be, the answers are all over the map.
That presents problems because if you don’t have a common language to describe the job for each constituency (private and public organizations) in a security context, countries and regions won’t be able to effectively organize and collaborate around cyber defense.
But with a framework providing a guideline to build their security capabilities, organizations can be confident that they’re conducting their SOC transformation around a common framework. What’s more, they will be able to:
- Quickly achieve agreement, buy-in, and defuse personal preferences
- Guide future decision-making and help achieve success even if there are team conflicts
- Attract top job candidates who want to work for a best-in-class SOC built upon this world-class industry framework
The Future is Here
Given how rapidly the cyber security world is changing, fragmented organizational responses won’t be enough to fend off today’s global threat actors. That’s why the CDC is going to be a game-changer when it comes to cyber security management for 2022 and beyond. To learn more on how Broadcom Software can help you modernize, optimize and protect your enterprise, contact us here.
We encourage you to share your thoughts on your favorite social platform.