Businesses of all sizes have strategies that apply to various aspects of their operations. From marketing to finance and from sales to hiring, strategies must be developed and implemented across departments.
However, one strategy commonly overlooked by businesses, regardless of size, is the implementation and upkeep of File Integrity Monitoring (FIM) software and practices. Much like other strategies, it has common themes:
- It is vital to the organization's success
- It takes thoughtful planning
- It clearly defines roles
- It is well-documented and commonly understood
Here are three different phases to work through to create a file integrity monitoring strategy that can be used by any business.
Phase 1 - Self Audit
Before laying out a plan, the first step is to thoroughly analyze your internal IT systems, processes, and controls. This might require you to include people from various departments/teams to gain insight into how information flows through your organization.
Network Assessment
Regardless of the size of your business, the industry you belong to, or who will work on Phase 1 of your FIM strategy, you'll want to conduct a network assessment. An article from Adeolu Owokade has information on what is needed to conduct a self-assessment. As Owokade points out, it involves:
- A Full Inventory: Determining what kinds of devices are running on the network.
- Determining Support: Whether any of those devices are obsolete or no longer supported.
- Assessing Architecture: How the devices are connected to one another.
- Testing Security: Whether there are any security concerns that need to be addressed.
PCI-DSS Self-Assessment (If Applicable)
If you work in an industry that collects payment card data, this step is highly recommended—you may even be required to conduct it regularly. A PCI-DSS Self-Assessment can be conducted following the steps on the Payment Card Industry Security Standards Council's Website and can help determine if greater security measures are required to maintain compliance.
Phase 2 - Planning
Team Involvement
To provide the context needed throughout your organization, you should involve stakeholders from each department and function. IT security isn't just the responsibility of your IT people. It takes buy-in and active participation from your whole organization.
Talk with the various stakeholders within your organization to gain a firmer understanding of the type of information that their respective teams need access to and the type of information that isn't needed or should be restricted.
Accountability
Having accountability workflows in place is critical in an ever-changing IT environment. Once you've identified what information can be viewed and altered by different people within the organization, you should ensure that there are no unchecked powers. Regarding file integrity monitoring, users with unchecked powers can become dangerous to a business's IT infrastructure. Even system admins and those creating these accountability checks should not be given free rein.
Events & Automation
Should an event occur, whether malicious or accidental, you should have systems that can stop and remediate unwanted file changes. Some file integrity monitoring software will enable you to set rules around crucial files you monitor, giving you the ability to take action using the following criteria:
- Who changed the information?
- What exactly changed?
- When was it changed?
- How was it changed? (Process)
Documentation
Thorough documentation provides the context behind your organization's actions. Creating comprehensive documentation surrounding your file integrity monitoring practices ensures there are no questions about who is responsible for what.
Regardless of the size of your organization, your IT security strategy should be documented. While you're likely not creating a 5-year national IT security strategy, your documentation can (and should) contain items such as:
- Vision for organization-wide security efforts
- Roles and responsibilities
- A detailed implementation plan
- Defense measures
- Internal education and communication practices
- Action plans for various events
Software
A solid file integrity monitoring strategy is only complete once you have implemented software to do the monitoring for you. It isn't realistic for your team to manually watch your critical files for changes; spotting an unwanted file change by hand, without software support, is harder than finding a needle in a haystack.
However, a FIM tool is only successful if it is monitoring the right files. The software needs to be configured to monitor important files to detect and flag unwanted changes.
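The who/what/when criteria listed under Events & Automation and the "right files" configuration described here both come down to a baseline-and-compare loop. The following Python is an added example, not code from the original post or from any FIM product: it snapshots a directory tree you choose as `root` (optionally limited to a set of relative paths you decide to monitor) and reports added, removed and modified files, naming which attributes changed and when.

```python
import hashlib
import stat
from pathlib import Path

# Added example (not from the original post or any FIM product). A FIM
# baseline is a snapshot of each critical file's content hash and metadata;
# a later snapshot is diffed against it to answer "what changed" and "when".
# "How" (which process made the change) is not visible in a file snapshot
# and needs OS audit logging (auditd, ETW) alongside the FIM tool.

def file_record(path: Path) -> dict:
    """Record for one regular file: SHA-256 of the content plus the
    metadata a FIM alert reports (size, permissions, owner, mtime)."""
    st = path.lstat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            "gid": st.st_gid, "mtime": st.st_mtime}

def build_baseline(root: str, include=None) -> dict:
    """Snapshot every regular file under `root`, keyed by POSIX-style relative
    path. `include` (a set of relative paths, or None for everything) limits
    the scan to the files you decided to monitor, the 'right files' in the
    text. Symlinks are skipped so only the files themselves are hashed."""
    root_path = Path(root)
    baseline = {}
    for p in sorted(root_path.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        rel = p.relative_to(root_path).as_posix()
        if include is None or rel in include:
            baseline[rel] = file_record(p)
    return baseline

def compare(old: dict, new: dict) -> dict:
    """Diff two baselines into an alert report: added and removed paths, and
    for each modified path the fields that differ as (old, new) pairs, plus
    the mtime pair so the report also says when the change landed."""
    report = {"added": sorted(set(new) - set(old)),
              "removed": sorted(set(old) - set(new)), "modified": {}}
    for rel in set(old) & set(new):
        diff = {k: (old[rel][k], new[rel][k])
                for k in ("sha256", "size", "mode", "uid", "gid")
                if old[rel][k] != new[rel][k]}
        if diff:  # an mtime-only touch with identical content is not an alert
            diff["mtime"] = (old[rel]["mtime"], new[rel]["mtime"])
            report["modified"][rel] = diff
    return report
```

In practice the baseline is stored off-host (or signed) and the compare step runs on a schedule, so that whoever alters a monitored file cannot also rewrite the record it is checked against.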
Phase 3 - Test & Rollout
Create a Controlled Testing Environment
Testing environments are relatively simple to create in a virtualized IT infrastructure. Most organizations can spin up servers using VMware or similar server virtualization software programs, allowing you to thoroughly test your file integrity monitoring strategy before rolling it out.
Based on how your information is structured, you should create a virtual testing environment that mimics your current use. If you are able to clone virtual machines, do so: a clone with an identical file structure lets you see how your FIM software responds to the real-life changes that should trigger alarms and action.
If you haven't done it before or need a refresher on creating a virtual testing environment, VMware has a wealth of information on their blog.
Rollout
Once the software and policies that revolve around your IT security are fully tested, it's time to roll out your strategy across your organization. Since you've likely kept key stakeholders in the loop throughout Phase 1 and Phase 2, it shouldn't be news to anyone that these initiatives are taking place.
Even though different departments may be aware of potential changes, it's vital to the success of your FIM strategy that it is thoughtfully communicated across the organization. Before rolling out major changes, ensure that you have emails drafted, internal memos created, and other forms of communication ready to go out. You'll likely receive questions, so be prepared to field them with educated responses that non-IT personnel can understand.
Monitor & Regularly Test
While FIM software programs are typically built so you don't have to monitor files manually, it is a good idea to perform regular checks and tests. This should be done monthly, quarterly, or at the very least twice a year.
Reevaluate:
- Critical files being monitored and files that should be
- Alerting criteria and triggering events
- Key stakeholders and permissions
- Automated events
Interested in learning more about how FIM software can fit into a firm's IT security and file integrity monitoring strategy? Download the Definitive Guide to File Integrity Monitoring or meet with our team today.
November 14, 2024