AST Oct/Nov Digital Magazine 8 | Page 35

Volume 8
tion is being accessed by the right people at the right time. So, what should agencies consider as part of the communications portion of their plan to address the cyber disruption threat? The following three elements are key:
1. Focus on Collaboration
Collaboration platforms, such as SharePoint, provide an ideal solution for what the NASCIO guide deems critical – the “initial notifications, assessment and ongoing monitoring of the magnitude and reach of a cyberattack, operational coordination to deal with primary and secondary effects, and cross-jurisdictional partnering.” These platforms streamline communications, document repositories, messaging capabilities, content sharing, project management, workflow coordination and alert management from virtually any location or device. That said, in a situation where multiple stakeholders are responding to a cyberattack that has resulted in a significant disruption, the ability to appropriately distinguish what information is being accessed and by whom is an important element to the overall success of the response effort.
2. Add a Level of Security and Management
Collaboration platforms do require additional layers of security and controls, and agencies should consider the following when developing these plans:
Permissions
• Applying permissions to individuals, groups or entities accessing the system should be the first step.
• This provides a baseline to limit and monitor access to the information residing on the system.
• From there, it is important to take control of those permissions for proper management.
• Integrating a centralized permission management capability offers a system-wide view into the current status of assignments and makes it possible to assign or adjust permissions down to the individual document level.
Auditing
• Incorporating a formal and consistent auditing function provides a regular review of the system, content and permissions.
• This process helps to answer questions such as: “Who is using which content?” and “How often are specific items being accessed?”
Oct/Nov 2016 Edition
• It also ensures environments are kept clean by identifying unused content, duplicate content, personal content, old content or content that is just simply not relevant to the situation at hand.
Governance
• Collaboration environments are only as useful as the users make them, so instilling formal governance policies and procedures – and tracking to ensure they are being followed – will result in a more successful program.
• Giving power to users is only effective if rules can be enforced to govern what they can and cannot do.
• The ability to both monitor and control mitigates the risk of security and permissions becoming fragmented.
Continuous monitoring
• Once permissions, auditing and governance policies are established, it is important to monitor to ensure the entire lifecycle is running appropriately on an ongoing basis.
• Integrating continuous monitoring capabilities that will automatically generate an alert on predefined changes within the environment – such as when content is accessed, deleted or added – ensures that the environment is operating properly and that the individuals or groups allowed to access information are the ones actually doing so.
3. Address the Insider Threat
Whether intentional or unintentional, insider threats pose serious risk to your agency’s communications platform, and the data that resides in it. Agencies need to effectively audit and manage user permissions from a single console, ensuring policy compliance, while preventing security breaches and unauthorized access to sensitive content. They also need to have systems in place that use adaptive technologies such as machine learning to analyze and detect suspicious activities, including excessive downloads and unusual login attempts by location. With these types of systems in place, administrators are automatically notified of unusual behavior, and users are proactively locked out when suspicious activity is detected.
Although the NASCIO guide is in its initial