Network Integrity

Gary Merry
CEO Deep Run Security Services, LLC


Network integrity

Network integrity starts with a network diagram.  Actually, most things regarding technology risk should start with a network diagram.  Your network is the circulatory, nervous, and endocrine systems of your company.  As such, it requires many levels of support, and many levels of understanding and leadership.

As the network is a living breathing organism within your organization, it is perpetually out of date, and perpetually needing review for both accuracy and risk.

Traditionally, this document has fallen within the purview of the technical staff, but as the cyber risk problems continue to multiply, the need for leadership to participate in the oversight and understanding of these vital systems has become pivotal.  Also, you do not need to become a network expert to bring value in ensuring your network remains healthy and secure.

Topics leadership can review and ask to improve Network Integrity:

  • Ask for a review of the network diagram and ask for a version to be derived from the review that is appropriate for you to understand and review.
  • When was the diagram last updated?
  • Have you had a third party assessment of the complete network? Your infrastructure owners should not be your infrastructure assessors.
  • Where in the diagram would you find systems containing PII?
  • At what points in the diagram does PII information leave, or enter your network?
    • What do we do to ensure those points are secure?
  • How does your team know the versions and firmware updates needed?
  • Are there capacity concerns both in throughput and processing for any of the elements of the diagram?
  • Ask for a review of the capacity abilities of your network.
  • Where are you investing in improvements? (Note: there should always be investments in your network)
  • How do we Prevent, Detect and Respond to danger?
  • Apply the previous questions to any third party that has network access or ownership.

As with any patient, asking basic questions can lead to effective understanding by both you, and the patient.  By going through this exercise, your team will need to prepare (in of itself valuable) and the act of explaining opens the door to broader and more effective action and Integrity.

Along with network integrity comes network administration.

As most all network equipment is not governed by your enterprise access technology such as Active Directory, it requires a special set of procedures, and special oversight.

Questions to ask during your network diagram review re: network administration:

  • Do we possess encryption keys? If so, where do we store them?  Additionally, who has access?
  • How do we ensure the ID/Passwords for our network equipment are unique?
  • Review the key personnel loss procedures. What do you do when someone who has access to your network equipment leaves your organization?
  • What are the procedures for recovery in the event of damage or compromise? Do you have redundancy (High Availability)?
  • Ask for an explanation of how network equipment is backed up, as well as the overall backup policy and procedures for the entire organization.
  • Apply the previous questions to any third party that has network access or ownership.

 

A real weakness in today’s struggles with technology and Network risk is the transparent cooperation and understanding of leadership.  Therefore, never accept the complexities of networking as an excuse for a lack of understanding.   Borrowing a line from Albert Einstein, “If your team can’t explain it simply, they don’t understand it well enough.”

Do not be afraid to take a leadership role in your network integrity, 

Your company’s very existence may count on it.


Tags: , , , , , , , , , , , , , , , , , , , ,

Leave a Comment