With ransomware attacks on the rise in higher education, getting a comprehensive outside assessment can prove critical to bridging security gaps in your infrastructure, network and applications — but only if you ask the right questions. Here’s what every university IT team should learn from an assessment.
1. Where Are Our Processes Not Working?
Good security is a marathon, not a sprint. The way to win the race is by implementing solid security controls with repeatable processes and consistently maintaining them. Make sure assessors aren’t focusing on finding a single server with an expired certificate. They should look for places where you’re making repeated errors.
2. Are We Managing Identity and Access Management Correctly?
Patching, audits, event management — it’s all important. However, a huge number of data breaches track back to poor IAM practices. Ask for a detailed examination of your IAM procedures, tools and management. An independent assessment here targets your No. 1 vulnerability: people.
Click the banner below to learn how CDW’s assessments can help identify vulnerabilities.
3. Where Is Our Architecture Obsolete?
Most organizations have outdated application and network architectures. Approaches such as microsegmentation are old ideas but have recently become standard in data center design. Identify where the security ground has shifted, then reconsider and redesign as needed.
4. Is This the Forest or the Trees?
Any assessment must poke into the details — so, yes, that security vulnerability in your maintenance scheduling application is important. But much more valuable is knowing the big picture: Where are you doing a good job, and where do you need to improve? Listen carefully to what the assessor has to say.
Click the banner below to get a free checklist on preventing and remediating zero-day exploits.
5. What Can We Do Ourselves After the Assessment?
A big chunk of an assesment’s value comes from the interpretation of the output of some automated tools. That interpretation is what you’re paying for, so make sure there’s a knowledge transfer from the assessor to your team to ensure that you know how to protect yourself between regular assessments.