In the current environment of limited IT staff and budget, efficiency is everything. Nowhere is this more applicable than for IT security teams. There simply aren't enough staff and systems to meet the ever increasing challenges and requirements posed by compliance regulations, internal audits and business risk management.
In particular, the rise in compliance and audit requirements has often squeezed out resources that might have otherwise gone to fundamental security functions such as tight controls on intellectual property (IP) or effective security investigations. As a result, organizations are frequently left exposed and vulnerable. Within this environment, what concrete steps can be taken to meet compliance and audit requirements while simultaneously ensuring the successful implementation of fundamental security controls?
To start answering this question, it helps to reflect on the daily reality of the IT security team. The bulk of the team's time is spread across a few areas. First, there are mundane operational chores such as firewall and Web surfing policy management, and antivirus or intrusion prevention care and feeding. Of course, there are also the periodic rollouts of new platforms and applications.
Next are the inevitable fire drill activities such as proving that it's not "the firewall's fault" that an application is slow or recovering corrupted PCs or "lost" data. And on top of that, there is considerable time spent on meeting audit and compliance requirements that typically consume precious staff resources in gathering log data from a number of sources, normalizing the resulting data, and compiling required audit and compliance reports.
Summarizing what many IT security professionals believe, one information security architect at a large healthcare system recently stated that "operational efficiency is the biggest challenge facing the information security industry."