Identify the core elements of your cloud ecosystem and develop a security strategy for how to secure them.
InLigo understands that effective security policies must be implemented consistently across the enterprise to protect your In Cloud information systems and customers. Nevertheless, security policies must also account for variations in business functions and information systems to be universally applicable.
To meet these requirements, InLigo implements a comprehensive security governance program as a part of the Microsoft Policy Framework.
Table of contents
Business Environment
Technological Business EnvironmentGovernance
Risk Management Strategy
Supply Chain Risk Management
Microsoft 365 Solution
WHAT IS YOUR SECURITY SCORE?
Business Environment
The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.
Technological Business Environment
A technological business environment includes the development of new technology, how people interact with technology and its environmental effects. Technology can impact a company’s internal and external environments. Internally, it might influence things like the price of production or how you might automate certain tasks. Externally, technology can affect how consumers communicate with each other and how quickly they adapt to advancements in the field.
Matters to be considered while assessing the technological environment
- What production technology and information technology does the company employ?
- How important is each technology to the firm?
- Is there an external technology that the company depends on? What is the reliability of such technology?
- What has been the extent of investments in technology? Is the investment in the design or the implementation or the maintenance?
- How much have other competitors in the same industry invested in their technologies?
- Which technological investments should be withdrawn or limited?
- What are the additional technological requirements to meet with the goals and vision of the company both in the short and the long run?
Governance
The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.”
Questions
- Are cybersecurity roles defined internally and at the user level?
- If your business follows compliance requirements, do you have the necessary controls in place if you were to get audited?
- What policies and procedure have you implemented to govern and manage risk?
Risk Management Strategy
The organization priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
Questions
- Where does business-critical intellectual property live within your organization?
- Who has access to business-critical information?
- Where is the most business-critical assets?
Supply Chain Risk Management
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess, and management supply chain risks
Questions
- How often do you interact with users outside your organization?
- What is the primary method of communication? (Email, phone, chat, etc.)
- How do you share documents with external users?
- Do you ever work on projects with outside contractors?
- Do you have language in those contracts that speaks to the data you will be giving access to?
- How do you know employees are using the best security practices when sharing company data?
Microsoft 365 Solution
- Azure AD (B2B), Conditional Access. Data Loss Prevention, Azure Information Protection.
- Protect against human error.
- Policy tips or Blocking Send
- Retention Tags
- Encryption Settings
