Get Instant Access
to This Blueprint

Security icon

Secure Critical Systems and Intellectual Property Against APT

Protect yourself from being boarded and raided by cyber privateers.

  • Advanced persistent threats (APTs) are becoming more and more prevalent, targeting any and all organizations that have some valuable intellectual property or are laterally connected to a target organization.
  • Companies need to know how to protect themselves from an attack, track and quantify an attack, respond to an attack, and ensure maintenance.
  • Enterprise users need to know what a spear phishing attack looks like and what they should watch for in order to mitigate against their manipulation.

Our Advice

Critical Insight

  • APTs are a real risk to most organizations, regardless of size, and most don’t properly know how to defend against one.
  • A multi-layered defence approach is needed with specific tracking and monitoring capabilities.

Impact and Result

  • Identify your risk posture that identifies the likelihood an advanced persistent threat would be carried out against your organization.
  • Prioritize your security gaps based on the importance and achievability of each measure to ensure you are successful in your role.
  • Build the necessary layered security to defend, respond, and investigate an attack to ensure when an attack does occur you are covered across all aspects.

Secure Critical Systems and Intellectual Property Against APT

1. Identify and understand the organization’s risk position

Identify if the organization is a target, and create a risk posture.

2. Assess current security measures and identify and prioritize gaps

Identify specific APT measures already in place and assess and grade security maturity and capability levels.

3. Prepare for an APT attack and build the necessary defenses

Stop or degrade any attack against the organization.

4. Implement a response plan and investigate capabilities

Respond to an attack and learn from it to actively evolve the security systems.

5. Estimate the costs to develop and implement the organization’s governance plans for APT security

Get the most effective security system against the best APTs that will have senior buy-in.


Onsite Workshop: Secure Critical Systems and Intellectual Property Against APT

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess and Grade Current APT Security Measures

The Purpose

  • Validate your identified risk posture and likelihood for an APT attack.
  • Comprehensively grade your current security system.

Key Benefits Achieved

  • Identified risk posture for an APT
  • Graded current APT security measures

Activities

Outputs

1.1

Validate your risk posture

1.2

Identify existing APT security measures in place

  • Identified risk posture
1.3

Assess and grade security maturity and capability levels

  • Graded APT security measures
1.4

Determine overall enterprise risk to an APT

Module 2: Perform Gap Analysis and Prioritization

The Purpose

  • Identify the current security gaps that must be bridged from existing security measures to the target state
  • Evaluate these gaps
  • Prioritize gaps

Key Benefits Achieved

  • Prioritized list of your APT security gaps

Activities

Outputs

2.1

Perform gap analysis

2.2

Evaluate identified gaps

2.3

Understand and implement an enterprise risk tolerance

2.4

Develop importance and achievability levels for each gap

2.5

Prioritize your APT security gaps

  • Prioritized list of your APT security gaps

Module 3: Build the Defenses and Prepare

The Purpose

  • Build a strong end-user education and training plan
  • Improve threat intelligence
  • Limit and control user access
  • Implement strong security infrastructure
  • Develop active monitoring capabilities

Key Benefits Achieved

  • End-user training plan
  • Threat intelligence roadmap
  • Access control action plan
  • Infrastructure action plan
  • Monitoring action plan

Activities

Outputs

3.1

Educate employees

  • End-user training plan
3.2

Improve threat intelligence

  • Threat intelligence roadmap
3.3

Control access

  • Access control action plan
3.4

Implement strong security infrastructure

  • Infrastructure action plan
3.5

Build active monitoring

  • Monitoring action plan

Module 4: Build Ad Hoc Attack Processes

The Purpose

  • Develop response capabilities to an attack
  • Develop investigative capabilities
  • Create sustainable APT security

Key Benefits Achieved

  • CIRT team
  • Incident management plan
  • Digital forensic understanding
  • Intrusion reconstruction ability
  • Responsibility and ownership allocation

Activities

Outputs

4.1

Create a CIRT team

  • CIRT team
4.2

Develop an incident management plan

  • Incident management plan
4.3

Understand digital forensics

  • Digital forensic understanding
4.4

Develop intrusion reconstruction techniques

  • Intrusion reconstruction ability
4.5

Allocate responsibility and ownership

  • Responsibility and ownership allocation

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Protect yourself from being boarded and raided by cyber privateers.

Need Extra Help?
Try Our Guided Implementations

Get the help you need in this 1-phase advisory process. You'll receive 4 touchpoints with our researchers, all included in your membership.

  • Call #1 - Risk posture

    Discuss your valuable or sensitive data, your lateral organizational ties, APT targeting nature and how you should understand your IP. Review your risk posture identification.

  • Call #2 - Security foundations

    Discuss any missing foundational security measures that should be in place, determine an action plan for securing your organization, understand how to properly implement foundational measures and communicate with stakeholders.

  • Call #3 - Current security assessment

    Discuss and review your assessment and grading of your current APT security measures as well as your consequent enterprise total risk. Review the Current APT Security Measures Assessment Tool.

  • Call #4 - Gap analysis

    Discuss and review the results from the gap identification and prioritization from the Current APT Security Measures Assessment Tool. Discuss your enterprise's most important, actionable, and logical steps for securing your IP and critical systems.

Search Code: 74211
Published: February 14, 2014
Last Revised: February 14, 2014

Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019