Digital risk protection (DRP) solutions are known for their threat and issue-related alerting systems. As DRP solutions are increasingly becoming part of the standard Security Operations stack, teams are getting comfortable with receiving, triaging, and actioning the alerts arising from the dark, deep and clear web.
These solutions, additionally, also help in the implementation of risk standards in an organization. The two most common standards for information and cyber risk management are the NIST 800-39 and the ISO 27005. At a high level, DRP solutions help in the assessment phases as well as in the monitoring phases of these frameworks.
The NIST 800-39 framework process consists of four steps: framing, assessing, responding, and monitoring while the ISO 27005 can be split into five steps: context establishment, risk identification, risk analysis, and risk evaluation. A DRP solution can support a number of these steps, as outlined below.
1 – Risk Assessment and Analysis
Once the context and frame of risks have been identified, both standards propose an approach to assessing, identifying, and analyzing each risk. These are slightly different, but similar enough that the same support can be provided by a DRP solution.
Risk assessment identifies, prioritizes, and estimates the risk to an organization’s operations. In this context, a DRP solution can help the organization achieve a high-level picture of its external posture and the types of threats and issues that are currently visible externally. Although not all threats and issues detected by the platform may be actionable or require immediate attention, the sum of issues across a certain category will help understand the exposure to related risks. As an example, a company evaluating the risk of a data leak caused by an accidentally exposed database can take the overall data of its current and past exposed IT services found by a DRP platform to better understand and estimate the current and future exposure to the risk.
2 – Responding and Treating the Risk
If a risk is deemed high enough to warrant a response (NIST) or a treatment (ISO), the DRP solution can help in two regards:
- Directly mitigate any operational issue detected by the DRP solution, such as patching systems, removing leaked source code from a code-sharing platform, closing exposed ports, etc.
- Help guide the best controls to put in place based on the risk that has been identified. A risk of exposed services leading to open initial access points can be related to several causes: unsecure software development practices, improper management of production environments by an infrastructure team, etc. The DRP solution, through its past and existing alerts, will help guide the right policy or process to adjust.
3 – Monitoring the Risk
Once the risk has been treated, both standards recommend determining the ongoing effectiveness of the risk response measures and iterating on the process if needed to reduce the risk until it meets the tolerance of the organization.
At this step, the DRP solution of course helps the organization by identifying any further issues and alerting the security operations team. Depending on the response to the previously identified risk, it may be normal for several events to keep occurring. If this is the expected result, the alerts should be aggregated (manually or automatically by the DRP solution if it provides these features) and evaluated as a whole, periodically, to accurately understand the effectiveness of the response.
Take Ownership of Your Cybersecurity Risks
A DRP solution can help better control risk within an organization by supporting key steps of the NIST 800-39 and ISO 27005 standards. On top of the operational capabilities of the platform, it can also help assess, analyze, respond and monitor cyber and information and technology risk.