Philosophically, the term “holistic” describes the interconnectedness of parts that represent a whole. The medical community refers to treating someone in their entirety using ALL factors, not just managing one particular symptom. These conceptual descriptions of the word also parallel how a holistic approach is used in cybersecurity.
Holistic cybersecurity utilizes ALL types of solutions to manage ALL types of threats while serving ALL types of security functionality. The system, as a whole, works as one, giving an organization a complete, robust, and layered cybersecurity program.
It’s important to understand that this holistic approach also means treating security as the foundation of a business. Without a solid baseline security system, no other business function can operate — not sales, marketing, HR, or finance — nothing. It should also be noted that holistic security is relative. In other words, just because you’re holistic today does not mean you will be tomorrow.
Being holistic means being fluid and adapting to the evolving cybersecurity threats and revolutionary security controls, processes, and frameworks constantly being developed. Here we will break down the comprehensive methodology component of holistic cybersecurity and show you how we at Ascension Global Technology use this approach to serve our clients.
Holistic Cybersecurity is a Comprehensive Methodology
The first major aspect of holistic cybersecurity that should be incorporated when developing and deploying a cybersecurity strategy is the use of a comprehensive methodology. This component of the holistic approach is all about how an organization is evaluated in terms of what they currently have, what they need, and what makes the most sense for them based on their resources, industry, organizational culture, etc.
Comprehensive vs. Narrow-Focused Methodologies
For comparison, a narrow-focused cybersecurity practitioner might only evaluate an organization based on whether they have specific technical controls in place such as a network firewall or antivirus on every endpoint device — then offer vendor options in the event there’s a gap. A cybersecurity professional utilizing a holistic approach, on the other hand, would practice their craft with more than just this software-reselling mindset.
They would act as a broadly skilled business consultant who uses various evaluation techniques such as vulnerability assessments, penetration testing, and non-invasive risk assessments to view the threat landscape and the vulnerabilities the organization might have in its systems. There would also be a full review of the organization’s current technology assets (devices, data systems, applications, servers, etc.) to gauge the design of its infrastructure and systems.
Additionally, they would look at an organization’s governance structure to see who oversees which departments and functions. They would evaluate administrative policies and procedures for ALL areas of the organization’s cyberspace and their relation to compliance requirements such as HIPAA or PCI. As part of governance analysis, the holistic practitioner would look at whether the organization has legal or regulatory requirements and the degree to which it is fulfilling them.
All of this would be supplemented with a full assessment of the firm’s IT management and cybersecurity program to check for system visibility and security gaps in protective, detective, and responsive solutions. This evaluation would even extend to other parts of the supply chain and consider contractors, suppliers, and partners of the organization and their security hygiene.
Comprehensive Methodology is About Identifying
The primary objective of the comprehensive methodology is for the cybersecurity practitioner(s) (and the organization) to have a clear understanding of their risks, requirements, and security program — otherwise known as “Identifying.” Only after this step takes place can a strategy be developed and implemented.
Think of this methodology (and holism as a whole) in the same way a doctor might evaluate a patient during a checkup. They wouldn’t just ask questions and run tests relating to one persistent issue. A doctor taking a holistic approach would look at the patient’s mental health, diet, physical activity, occupation, family history, symptoms, AND current medication to diagnose and treat any health problems.
Some of those therapeutics, prescribed medication, or simple behavior changes recommended by the doctor could take a long time before actual results are realized. The same idea is seen in the cybersecurity world, where after everything is “identified,” it could take years before the strategy is implemented in its entirety.
How We Use a Holistic Cybersecurity Approach for Our Clients
A holistic approach to cybersecurity is what yields a particular strategy such as the Zero Trust Model to help minimize and mitigate security risks. Ascension Global Technology uses a holistic approach to help its clients by using a variety of equally essential methods and processes:
- Pulling resources and knowledge from partners and expert professionals
- Using detailed methodology to make sure all aspects of a client’s cybersecurity program are met and completed in the most streamlined way
- Ensuring a smooth transition by having clients follow a detailed roadmap that takes their security program from point A to point B
- Working closely with CISOs and other decision-makers to guide them through the entire process
- Educating on today’s threats and adversaries as well as how they could impact the client
- Creating a security posture vision and turning it into actionable items
- Utilizing assessments to manage compliance requirements and corporate governance
- Filling in the security gaps to improve IT hygiene and offer a new standard of organizational security
Now that you have an idea of what it means to use a comprehensive methodology for holistic cybersecurity, let’s look at an example of this approach in action.
Ascension Global Technology (AGT) recently brought ABC Health Inc, a large health-services business, on as a client. As part of its holistic process to properly evaluate the firm and develop a plan of action, AGT carried out a series of steps to identify ABC Health Inc’s risks and requirements:
- Audited and documented ABC Health Inc’s technology assets, including all known devices, applications, servers, databases, and other systems with how they are all connected.
- Conducted a HIPAA compliance review through one of AGT’s partners to evaluate requirements and current gaps.
- Ran a risk assessment consisting of cyber-threat modeling and a business impact analysis on the financial and reputational ramifications if an incident were to happen to ABC Health Inc.
- Evaluated system vulnerabilities by running a vulnerability assessment on ABC Health Inc’s network and different penetration tests such as network, social engineering, and firewall pen-testing.
- Viewed current policies and procedures set forth by management relating to data security, device use, password management, and system access processes.
- Worked with the IT department of ABC Health Inc to evaluate system visibility and the current platforms being used to maintain visibility and detect any anomalies.
- Collaborated with the CISO of ABC Health Inc to understand all current preventative controls to protect them from various threats and attacks.
After completing all of these steps, the Ascension Global Technology team developed a strategy best suited for ABC Health Inc and a roadmap to fully incorporate the strategy into ABC Health Inc’s program.
Time to Go Holistic
We at Ascension Global Technology are ready to assist your organization with a holistic cybersecurity approach and generate the right strategy for you. Schedule a consultation today with one of our experts to get started.
This article is part of an “ultimate guide” series on the concept of holistic cybersecurity and how it can help your business. Be sure to check our blog page as more content is published on this important topic.