How our Information Security Dashboard enables us to report technical hygiene status

Almost daily, the world of information security changes, introducing new, more complex, and sophisticated threats. For organizations, maintaining a strong security posture takes many kinds of security practices, but one of the most important and fundamental is carrying out good technical hygiene (often called cyber hygiene) to keep data safe and secure from outside attacks.?

For Accenture, technical hygiene covers information security control compliance on devices, cloud services, and applications throughout the company’s technical infrastructure.

In a world of zero-trust architecture, it’s important to have a well-instrumented technical hygiene system. We use many tools to scan, measure, and monitor our hygiene. Our Information Security organization needs to identify technical compliance issues related to infrastructure and communicate necessary changes and issues to our individual infrastructure owners.

To enable us to report hygiene status, we developed an Information Security Dashboard.

What is the Information Security Dashboard?

The Information Security Dashboard provides a single view of all vulnerability and infrastructure compliance reporting at Accenture. Taken a step further, it provides a single view of issues attributed to Accenture-managed assets created by drawing data detected from the many tools we use to scan, measure, and monitor Accenture’s technical hygiene and consolidating that data. The dashboard is the central place that organizes,and highlights what needs to be fixed, and identifies actions that teams need to take.

?

The beauty of the Information Security Dashboard is that all the data from our security tools flows into one central location where Information Security local admins and compliance leads can see a full picture of their own assets and security posture. The dashboard is organized and permissioned by infrastructure owner. For each infrastructure area, it shows what needs to be corrected and drives remediation by assigning ownership, enforcing SLAs, and providing solution materials in a single place. An added bonus is that reporting is near real time. As new scans and data arrive, it updates.

How does it report?

The Information Security Dashboard data integration and rules engine are unique and differentiating, transforming data to create a common-issue format reporting on such areas as:

·????? External vulnerabilities

·????? Insecure HTTP

·????? Native cloud services

·????? Device configuration compliance

·????? Out of compliance servers

·????? Security tools not installed and working

·????? Missing assets or attributes

·????? Internal vulnerabilities

·????? Application vulnerabilities

The dashboard pulls data from more than 20 sources including asset inventories (in our case, an application information repository, security inventory automation, and native cloud services) and security tools. And it's extensible—as we acquire new tools, we can easily add that data on demand.

Making tech hygiene actionable

The Information Security Dashboard makes tech hygiene reporting real and actionable. I love having one place that shows, organizes, and prioritizes. The dashboard is today an essential tool to enabling our people to keep up with tech hygiene, and in turn, bring attention to critical issues and drive remediation of vulnerabilities posing risks to Accenture’s security posture.