…or What I want for Cyber Security and Intelligence Christmas 2016
- All CIOs must have served as a CISO for at least 4 years before being allowed to be a CIO.
- All CIOs must have a CISSP, CISM, and at least 2 technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
- CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
- If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
- CIOs and their leadership will be held liable for deploying vulnerable systems.
- All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
- All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
- All written code and script must be written properly. There is no such thing as secure code, only code the works correctly and does not create vulnerabilities.
9. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and/or service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls.
10. New regulations to enforce security and privacy, demanding disclosure of breaches, fining companies and individuals for negligence are put in place, at once.
11. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.
12. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).
Merry Cyber Christmas from Treadstone 71