Email us hello@itlab.com
General Enquiries 0333 241 7689
Manchester Support 0161 925 7777
London Support 020 7030 3999
Insights

Blog

Informed, researched and occasionally controversial: but above all helpful. Browse our blog topics by IT Lab’s subject matter experts and partners.

F

Cybersecurity, Cyber Security / 3 minute read

The MAS Information Technology Pyramid: How It Helps Your Security

The Three Fundamentals of Information Technology

Cyber specialist Neil Gibb explains the MAS Information Technology Pyramid and how it’s beneficial to your security. 

The MAS Information Technology Pyramid

First Things First: What’s MAS?

MAS - a Managed Assurance Service is a recent addition to our portfolio of security services. In brief, we assess and benchmark your organisation’s security posture.

Rather than trying to do everything at once, MAS is conducted over four quarters. Typically, there will be things we’ll do and things you’ll need to do.

For example, we’ll deploy security tools to test your environment and look at how cyber aware your users are. We’ll identify where your widest security holes are and guide you on how best to plug them.

MAS aligns with the UK Government’s Cyber Essentials scheme. The good news is that if you implement all our recommendations, you’ll achieve Cyber Essentials (CE) PLUS certification by the end of the year. 

CE PLUS is a respected badge which will demonstrate to the world – and your customers – that you take cybersecurity seriously and can be trusted.

Okay, So What’s a MAS Information Technology Pyramid?

It’s one of the tools we use when assessing an organisation’s cybersecurity. The pyramid consists of three points. Each point, or corner, represents a fundamental element of IT: functionality, usability and security.

Imagine the pyramid represents your company and that you’ve placed a ball inside it. As the ball moves around and gets closer to one of the corners, e.g. usability, it gets further away from functionality and security.

Case Study using the MAS Information Technology Pyramid

During a recent MAS assessment on a client’s site, the pyramid quickly revealed they were geared towards usability and functionality. By making life as easy as possible for their users, they hadn’t considered security.

For example, user accounts had been configured with full administrative privileges and no passwords. Systems had no disk encryption and were scheduled to download updates in the middle of the night, so as not to interrupt users during working hours.

The users thought this was great. It gave them the ability to jump from one system to another without having to log in or out. At the end of a shift, they switched off the system without a second thought.

The consequences of working this way are serious. Something as simple as a lost laptop – through which anyone can access the company’s systems and data - could be catastrophic. 

Some Closing Thoughts on MAS

Of course, as a security professional, I would prefer to see the ball placed firmly in the security corner of the pyramid. However, when considering a real-world configuration that allows companies to go about their daily business, this is impractical.

In conclusion, it’s a balancing act. Make choices with an awareness of the consequences. If you’re prepared to accept greater functionality with some loss of security, do so in full knowledge.

As a MAS security consultant, I consider the needs of the business before offering remediation advice. There’s no blanket, one-size fits all. 

Our MAS assessments include a full Gap Analysis. It takes time and conversations to understand our clients’ business needs. This enables us to formulate a plan that’s best for them.  

In the beginning, some clients can be sceptical. However, we quickly see them inputting into the security direction of their company and enjoying great improvements.

For my part, it’s great to see the results unfolding in real-time and placing the pyramid ball in the right place for the needs of the organisation.

Discover more about reducing your cyber risks and how we can help improve your business' cybersecurity.

The State of Cyber Security eBook Link

 

*Neil Gibb was employed by the IT Lab group at the time of writing.

Email subscription image

Never miss out on insights

You may also like...