To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks perform their intended functions without degradation or impairment. Digital integrity is possible only through the merging of people, process and technology into a holistic framework. Such an effort can be difficult without proper guidance. Fortunately, several of the Center for Internet Security’s Critical Security Controls (also known as the CIS Controls) can help. Organizations should pay particular attention to these security measures:
- CIS Controls 3, 5 and 11 together help organizations continuously manage their vulnerabilities, harden critical endpoints and monitor for unexpected changes.
- CIS Control 17 aids organizations in creating a security awareness training program for their employees that helps maintain skills and competencies.
- CIS Control 6 supports organizations in their development of an audit log policy and implementation of proactive change management.
With those controls, businesses can abide by the following six steps to establish and maintain a profile of digital integrity.
Step 1: Establish a Configuration Baseline for Your Infrastructure
Organizations need to understand how their assets are configured. Towards this end, they can use CIS Controls 5 and 11 to create a configuration baseline that allows them to manage configurations, catalog acceptable exceptions and issue alerts for unauthorized changes. Enterprises should design that standard in such a way that it applies to all authorized endpoints.
Step 2: Determine the Critical Files and Process You Need to Monitor Your Baseline
With a baseline in place, organizations need to monitor it using their critical files and processes. They can apply CIS Controls 7-17 to refine their monitoring processes to include endpoint master images, OS binaries and web server directories. They should also focus on key processes that either touch any of those files or involve logging and alert generation.
Step 3: Document Your Static and Dynamic Configuration Monitoring Procedures
Organizations can use CIS Controls 3.1 and 3.2 to configure their automated scanning tools for vulnerabilities. They should consider availing themselves of both static and dynamic monitoring. The former is useful for periodic checks and assessments against fixed network parameters while the latter is advantageous for providing real-time notifications of change.
Step 4: Implement Continuous Vulnerability Monitoring
Once they’ve configured their scanning tools, organizations need to figure out the scope of their continuous vulnerability monitoring program. As part of this program, they should follow the guidance of CIS Control 3 to ensure there are notifications for suspicious activities that change baseline configurations or expose the organization to increased risk. They should also work to see how IT and security personnel can work together to strengthen digital integrity.
Step 5: Establish Formal Change Management Processes
Change management works best if organizations establish formal processes to evaluate requests and track outcomes. For example, they can consider creating a change control board that’s empowered to act on high-priority issues and using risk-rating to prioritize the remediation of discovered vulnerabilities. All the while, organizations should be on the lookout for change management problems that undermine digital integrity.
Step 6: Establish Training for Your Staff
Lastly, organizations should follow CIS Control 18 to establish security awareness training for their employees. They should begin by performing a gap analysis to understand the skills and behaviors needed for their employees. Using their findings as a baseline, enterprises can then deliver training to address the skills gap for all workforce members.
An Ongoing Process
Establishing and maintaining digital integrity is an ongoing process that requires constant engagement from organizations. To make the best out of your organization’s efforts to create a digital integrity profile, download this whitepaper.
5 Things Your FIM Solution Should Be Doing for You
Discover the pivotal role of File Integrity Monitoring in maintaining system security and compliance with major standards. Tripwire Enterprise stands out as an advanced solution, offering real-time detection and detailed context for system changes, making it a superior choice for robust cybersecurity.