登录查看更多内容

How can you evaluate the security risks of legacy systems?

由人工智能和领英社区提供技术支持

Legacy systems are outdated software or hardware that are still in use despite being inefficient, insecure, or incompatible with newer technologies. They pose significant security risks to data governance, as they may not comply with current standards, regulations, or best practices, and may be vulnerable to cyberattacks, data breaches, or data loss. How can you evaluate the security risks of legacy systems and decide whether to replace, upgrade, or maintain them? Here are some steps you can follow.

此文章中的业界达人

由社区从 6 条内容中精选。了解更多

Aviad Chen
Jaime Nari?o V, PMP

1 Identify legacy systems

The first step is to identify which systems in your organization are considered legacy and why. You can use criteria such as the age, functionality, performance, reliability, support, and compatibility of the systems to determine their status. You can also consult with the system owners, users, and vendors to get their feedback and insights. You should document the inventory of legacy systems and their characteristics, dependencies, and interconnections.

添加您的观点

Aviad Chen
举报内容
One thing that I think is missing here is the usability of the system. Most systems, legacy as well, have loga and user tracking, to help us understand if we even need the system to be up and running. If only a few users still use it, can they replace it with a new system? What exactly are they doing and can we find alternatives?

已翻译

赞
André Coelho

Senior Data Governance Expert at Nordea
举报内容
I'd like to add thar understanding the version of each system is an important topic. Sometimes the security issue comes from not having your systems updated to the last version. It will make you become vulnerable to know flaws. Having notifications to view if there are new versions or ensure automatic updates are some practices you should consider. However, we also have to consider systems that are built in-house. These systems will therefore be governed way more closely to adapt to continuous evolving threats.

已翻译

赞

2 Assess security threats and impacts

The next step is to assess the security threats and impacts that legacy systems may face or cause. You can use frameworks such as NIST SP 800-30 or ISO 27005 to guide your risk assessment process. You should identify the sources, scenarios, and likelihood of potential security incidents that could affect the confidentiality, integrity, or availability of your data. You should also estimate the consequences and costs of such incidents, such as legal penalties, reputational damage, operational disruption, or data recovery.

添加您的观点

Aviad Chen
举报内容
Apply system specific security standards, for example PCI for payment applications or common CIS benchmarks according to where the application is installed. It might be that the framework where the system is installed is not up-to-date, and then even if the system is updated, it is still exposed to risks.

已翻译

赞

3 Evaluate security controls and gaps

The third step is to evaluate the security controls and gaps that exist in your legacy systems. You should review the current security policies, procedures, and practices that apply to the systems and check their effectiveness and compliance. You should also identify the security gaps and weaknesses that need to be addressed or mitigated. You should prioritize the security risks based on their severity and urgency and document the findings and recommendations.

添加您的观点

Aviad Chen
举报内容
A combination of risks on an application is more risky than a single failed controls. Use tools that can analyze multiple security aspects of an application (like Posture controls, CVEs, Permissions, Live events that cause threats), and show a single view of an optional Attack Path that combines those risks.

已翻译

赞

4 Compare alternatives and costs

The fourth step is to compare the alternatives and costs of dealing with legacy systems. You should consider the pros and cons of replacing, upgrading, or maintaining the systems and how they would affect your data governance objectives, requirements, and resources. You should also estimate the costs and benefits of each option, including the upfront, ongoing, and hidden costs, such as licensing, maintenance, integration, training, or migration. You should weigh the trade-offs and align the decisions with your business strategy and stakeholders' expectations.

添加您的观点

Jaime Nari?o V, PMP
举报内容
Beyond costs, we must consider the benefits and gains of maintaining legacy systems. Normally we focus on costs and outdated systems. Or the security risks that can arise.

已翻译

赞

5 Implement and monitor actions

The final step is to implement and monitor the actions that you have chosen to address the security risks of legacy systems. You should plan and execute the actions in a timely and efficient manner, following the best practices and standards for data security and governance. You should also monitor and measure the outcomes and impacts of the actions, such as the improvement in security posture, performance, compliance, or user satisfaction. You should report and communicate the results and feedback to the relevant parties and adjust the actions as needed.

添加您的观点

Aviad Chen
举报内容
Look for a tool that doesn't only monitor security and performance, but also suggests remediation steps. That can help you fix the issues found faster.

已翻译

赞

6 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Data Governance

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How can you evaluate the security risks of legacy systems?

1

2

3

4

5

6

1 Identify legacy systems

2 Assess security threats and impacts

3 Evaluate security controls and gaps

4 Compare alternatives and costs

5 Implement and monitor actions

6 Here’s what else to consider

Data Governance

给文章评分

感谢您的反馈

更多Data Governance相关文章

更多相关阅读内容

How can you evaluate the security risks of legacy systems?

1

2

3

4

5

6

1 Identify legacy systems

2 Assess security threats and impacts

3 Evaluate security controls and gaps

4 Compare alternatives and costs

5 Implement and monitor actions

6 Here’s what else to consider

Data Governance

给文章评分

感谢您的反馈

查看其他技能