How COBIT® 2019 Can Help Businesses Thrive in Uncertain Times

Author: Lisa Villanueva, CISA, CRISC, CPA, PMP, and Dustin Brewer, CSX-P, CCSP, CEH, CHFI
Date Published: 6 April 2020

With the current world health crisis, more organizations are making the shift to remote working environments for their employees. At ISACA, we are living this today as ISACA’s office is closed and all staff are working remotely.

Technology is integral to successfully transitioning a large portion of the workforce to working remotely. As we moved to remote work, we had the good fortune of being in the business we are in, one that is tuned to best cybersecurity and governance practices. We were able to make the transition to remote work seamlessly because we know that a good framework, such as COBIT 2019, and cybersecurity best practices can help organizations and the personnel responsible for security, infrastructure, risk and governance navigate these uncertain times.

There are several COBIT 2019 practices that are of particular interest when it comes to supporting remote workers:

  1. Manage critical assets (BAI09.02): Identify assets that are critical in providing service capability. Maximize their reliability and availability to support business needs. We may be leaving the physical office behind during this pandemic, but let’s not forget that we have an infrastructure to keep up! Routine physical services, patch management and preventive maintenance still need to be performed on all devices critical to day-to-day business.
  2. Manage network and connectivity security (DSS05.02): Use security measures and related management procedures to protect information over all methods of connectivity. Network security is essential for any business to function during normal business operations. With many employees now working remotely, it is important to shift our way of thinking about managing these incoming connections that interact with the enterprise's established network security.
  3. Manage endpoint security (DSS05.03): Ensure that endpoints are secure at a level that is equal to or greater than the defined security requirements for the information processed, stored or transmitted. With remote work, one of the most challenging shifts is the inability to physically manage endpoints on the network. Endpoint security, in conjunction with network connectivity security, is where our systems will be most vulnerable during this transition. This is where employee training will be crucial in ensuring that security policies and procedures are being properly applied.
  4. Maintain business resilience (DSS04.02): Evaluate business resilience options and choose a cost-effective and viable strategy that will ensure enterprise continuity, disaster recovery and incident response in the face of disaster or other major incident or disruption. Business resilience for our enterprises is going through the ultimate test right now due to the COVID-19 pandemic. It is important not only to utilize these policies but also to monitor and update them where we observe deficits for particular functions.