
Implementation Guidance Can Be Crucial

August 24, 2023
By Suzy Lopez

This is the second post in a three-part blog series authored by Suzy Lopez, Security Engineer at NBCUniversal, discussing their ongoing efforts with TPN and the benefits we bring to service providers in the media and entertainment industry. Read the first blog post here.

The analogy of building a chair helps illustrate why implementation guidance and understanding matter for implementing best practices correctly. If someone is given a pile of wood pieces, nails, and a hammer without any instructions or knowledge of how to use the tools correctly, the result could be an improperly constructed and potentially unsafe chair.

Similarly, in the context of security best practices, providing clear guidance and explanations is crucial to ensure that service providers understand how to implement the controls correctly. This not only helps them meet compliance requirements but also ensures the effectiveness and safety of their security measures. By offering comprehensive instructions and support, even individuals without prior expertise can navigate the complexities and successfully implement the necessary security controls.  

Security controls can be perceived differently based on someone’s experience. One may assume a control can be met if their operating system collects logs, but the control is aimed more at separate logging technologies. The implementation guidance collectively addresses an internal auditing approach, methodologies, and considerations, but does not detail processes or procedures. This balance helps and guides correctly without being too overwhelming.

This will also help service providers properly prepare for an assessment and feel secure that this is what an assessor will be looking for.

Check back again next week for the last post in this three-part series, where I’ll offer some suggestions on approaching the security controls when preparing for a TPN assessment.