Automate as Many Regularly Occurring Events as Possible
- With cloud assets in the infrastructure, you must ensure that service providers are delivering a secure service, and the processes you run there are secure.
- Whether validating the server image or enforcing proper view and function states, you need to adopt a process to automate this through configuration management controls.
“You can ask to see redacted details of vulnerability scans, and remediation plans associated with them. You can ask to sample and check on key controls.”
As chief information security officer (CISO) of Creditsafe, an international provider of business credit reports with offices in Europe and North America, Russ Kirby is responsible for cybersecurity, regulations, and compliance, including GDPR compliance which is currently rolling out in Europe, and risk management. “I cover everything,” Kirby says. “It’s a very holistic security operation.”