SECURITY SYSTEMS STRATEGY
VDA Labs has been around the block a few times and we’ve had the chance to work on, with, and most importantly against many of the leading security systems over the years. We know what’s effective in protecting your organization and what will leave you scratching your head, digging through logs, trying to find how you were compromised in a huge haystack of useless data.
Bringing in the services of a vCISO from VDA Labs gives you the opportunity to achieve your security goals with an experienced, independent leader. VDA will help put your security program on a roadmap with actionable tasks and measurable results.
A vCISO can handle the heavy lifting. By managing the strategic responsibilities and guiding your in-house staff, VDA provides training and mentoring. We also identify strengths and weaknesses in your team, and the places where you need additional support. In doing so, we help reduce your in-house team’s workload, enabling them to take on other tasks.
A VDA Labs vCISO brings objective independence to evaluating your team and your security. Because we come from outside your organization, we aren’t stuck with “how we’ve always done it,” or burdened by office politics or agendas. We have the knowledge and reputation to get the job done, and done correctly.
HOW DOES VDA WORK WITH CLIENTS TO BUILD A SECURITY STRATEGY?
Our first goal is to assess your current security posture. This can be done by active means, such as a penetration test, which is a great way to measure the baseline defensive position of your organization, or in a more general, passive way through interviews and information gathering. We then use our decades of experience to evaluate that posture and identify strengths and weaknesses.
Next, we work to develop a prioritized roadmap customized to your organization that will allow you to move the ball forward on security while gaining the most value for your investment. A critical component is impartiality – we don’t sell solutions for problems you may (or may not!) have, but provide unbiased advice.
WHAT DO WE LOOK FOR WHEN ASSESSING AN ORGANIZATION AND MAKING RECOMMENDATIONS?
Beyond our experience, there are a number of industry standards we can look to in order to evaluate the security posture of an organization. One of our favorites is the Center for Internet Security’s Top 20 Controls, the top five of which are listed below:
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software
- Continuous Vulnerability Assessment and Remediation
- Controlled Use of Administrative Privileges