Volume 8
tion is being accessed by the right people at the
right time.
So, what should agencies consider as part of the
communications portion of their plan to address the
cyber disruption threat? The following three elements are key:
1. Focus on Collaboration
Collaboration platforms, such as SharePoint, provide an ideal solution for what the NASCIO guide
deems critical – the “initial notifications, assessment and ongoing monitoring of the magnitude and
reach of a cyberattack, operational coordination to
deal with primary and secondary effects, and cross-jurisdictional partnering.”
These platforms streamline communications, document repositories, messaging capabilities, content
sharing, project management, workflow coordination and alert management from virtually any location or device.
That said, in a situation where multiple stakeholders
are responding to a cyberattack that has resulted in
a significant disruption, the ability to appropriately
distinguish what information is being accessed and
by whom is an important element to the overall success of the response effort.
2. Add a Level of Security and Management
Collaboration platforms do require additional layers
of security and controls, and agencies should consider the following when developing these plans:
Permissions
• Applying permissions to individuals, groups or
entities accessing the system should be the first
step.
• This provides a baseline to limit and monitor access to the information residing on the system.
• From there, it is important to take control of
those permissions for proper management.
• Integrating a centralized permission management capability offers a system-wide view into
the current status of assignments and makes it
possible to assign or adjust permissions
down to the individual document level.
Auditing
• Incorporating a formal and consistent auditing
function provides a regular review of the system, content and permissions.
• This process helps to answer questions such
as: “Who is using which content?” and “How often are specific items being accessed?”
Oct/Nov 2016 Edition
• It also ensures environments are kept clean by
identifying unused content, duplicate content,
personal content, old content or content that is
just simply not relevant to the situation at hand.
Governance
• Collaboration environments are only as useful as the users make them, so instilling formal
governance policies and procedures – and
tracking to ensure they are being followed – will
result in a more successful program.
• Giving power to users is only effective if rules
can be enforced to govern what they can and
cannot do.
• The ability to both monitor and control mitigates
the risk of security and permissions becoming
fragmented.
Continuous monitoring
• Once permissions, auditing and governance
policies are established, it is important to monitor to ensure the entire lifecycle is running appropriately on an ongoing basis.
• Integrating continuous monitoring capabilities
that will automatically generate an alert to predefined changes within the environment – such
as when content is accessed, deleted or added
– ensures that the environment is operating properly and that the individuals or groups allowed
to access information are the ones actually doing so.
3. Address the Insider Threat
Whether intentional or unintentional, insider threats
pose serious risk to your agency’s communications
platform, and the data that resides in it.
Agencies need to effectively audit and manage
user permissions from a single console, ensuring policy compliance, while preventing security
breaches and unauthorized access to sensitive
content.
They also need to have systems in place that use
adaptive technologies such as machine learning to
analyze and detect suspicious activities, including
excessive downloads and unusual login attempts
by location.
With these types of systems in place, administrators are automatically notified of unusual behavior,
and users are proactively locked out when suspicious activity is detected.
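The kind of check described above (excessive downloads, logins from an unusual location), shown as an added example that is not from the article or from any product. A simple per-user statistical baseline stands in for the machine-learning systems the text mentions; the event tuple format, the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def detect(events, min_history=3, sigmas=3.0):
    """Return sorted (day, user, reason) alerts.

    events: iterable of (day, user, action, location) tuples (assumed format).
    """
    downloads = defaultdict(lambda: defaultdict(int))  # user -> day -> count
    logins = defaultdict(list)                         # user -> [(day, location)]
    for day, user, action, location in events:
        if action == "download":
            downloads[user][day] += 1
        elif action == "login":
            logins[user].append((day, location))

    alerts = set()
    for user, per_day in downloads.items():
        history = []  # this user's earlier daily counts that were not flagged
        for day in sorted(per_day):
            count = per_day[day]
            if len(history) >= min_history:
                # Floor the spread at 1 so a very steady user is not flagged
                # for a single extra download.
                limit = mean(history) + sigmas * max(pstdev(history), 1.0)
                if count > limit:
                    alerts.add((day, user, "excessive_downloads"))
                    continue  # keep the outlier out of the baseline
            history.append(count)
    for user, seen in logins.items():
        known = set()  # locations accepted for this user so far
        for day, location in sorted(seen):
            if known and location not in known:
                alerts.add((day, user, "new_login_location"))
            else:
                known.add(location)
    return sorted(alerts)

def build_sample_events():
    """Constructed data: five days for two users; day 5 holds both anomalies."""
    events = []
    for day, (a, b) in enumerate([(2, 5), (3, 4), (2, 6), (3, 5), (40, 5)], 1):
        events.append((day, "alice", "login", "US"))
        events.append((day, "bob", "login", "NZ" if day == 5 else "US"))
        events += [(day, "alice", "download", "US")] * a
        events += [(day, "bob", "download", "US")] * b
    return events

if __name__ == "__main__":
    for alert in detect(build_sample_events()):
        print(alert)  # in production: notify an administrator, lock the account
```

A user's first recorded login location is accepted as the baseline, and a flagged location stays unknown until someone reviews it, so repeat logins from it keep alerting.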
Although the NASCIO guide is in its initial