Steps to Build a Good Operational FrameworkCISO Angel Redoble on Focusing on Attack Entry Points, Zero Trust
While most organizations carry out risk assessments and cybersecurity audits, security practitioners need to go beyond these manual processes to ensure proper protection from attackers, according to Angel Redoble, group CISO, PLDT Group.
"Cybersecurity operations is a different animal. It cannot be manualized. And that is why I advocate on creating a good operational framework," Redoble said.
When Redoble joined the company, he quickly realized that the existing environment was complex and would have taken a year or more to completely understand. Instead, he focused on identifying all of the potential attack entry points.
"I first determined the number of attack entry points we have," he said. "The next question I asked was: What security controls do we have currently, and what are the attacks or attack techniques that can be launched against every attack entry point? And with that, in just a matter of a few months, we were able to fortify our defenses against cyberattacks."
In this video interview with Information Security Media Group, Redoble also discusses:
- How to create a good operational framework;
- How a zero trust strategy helps in designing the best operational framework;
- Why the theoretical approach doesn't always work.
Redoble, a first vice president responsible for cybersecurity at PLDT Group, Smart Communications and ePLDT Group, is a member and former vice chairman of the National Advisory Group for Police Transformation and Development. He is currently chairman and founding president of the Philippine Institute of Cyber Security Professionals and chairman of the MVP Group Cybersecurity Council.