Let’s get real for a moment.
This saying exists for a reason “...it’s not IF but WHEN you will have a security incident
A few real-world experiences that will happen:
The first item that will be requested by both legal counsel and an Incident Response (IR) Investigator are your policies. Information security policies are to describe how the organization wants to protect its information assets. After policies are outlined, standards are defined to set the mandatory rules that will be used to implement the policies. Some policies can have multiple guidelines, which are recommendations as to how the policies can be implemented.
A mature security program requires the following policies and procedures:
Building and managing a security program is an effort that most organizations grow into overtime.
ISG Grizzly Shield Security Services
We take an easy three step approach to helping organizations Secure their AWS environment:
Pinpoint – Understand the level of maturity your security program has achieved and the possible gaps that may be present.
Jump Start – Develop Project plan/Roadmap for initiatives required to bring your Organization to the point where 24 X 7 monitoring can be leveraged, and data consumed by an MSP or internal staff or a combination of the two.
Monitoring, Training, and Ongoing Management – 24 X 7 monitoring and alerting based on defined SLAs.