Cybersecurity: What Is Truly Essential?

In an effort to protect their organizations, security professionals can overdo it. The result often works against them.




My wife and I recently became homeowners. In the weeks leading up to the move, we spent a lot of time going through our belongings to decide what to keep, what to give away, and what to throw away or recycle.


During this process, it struck me that despite the fact that I'm organized and don't like to accumulate "stuff," I could probably eliminate 50% to 75% of what I have and never even notice. I bet that's true for many of us. It got me thinking about what's important in life, and for me that's health, happiness, family, friends, and freedom.


And because security is such a big part of my life, I quickly realized how the moving exercise related, too. As security professionals, we should ask ourselves: "What is truly essential?" I'd like to discuss this question as it applies to five specific areas within the security profession.


Alerting

With so many security organizations suffering from alert fatigue and drowning in false positives, it raises the question, "Why do they find themselves in this situation?"


Often, the answer is that the organization has not taken the time to think about what is truly essential for alerting. Many organizations have alerts that were built organically: someone put in one set of alerts, a vendor recommended another set, management requested these alerts, there was an incident once that resulted in those alerts, and so on.


The result of this tactically driven alert building is usually a lot of noise in the form of false positives. Wo ..
