The Power of Purple

A Proactive Cybersecurity Paradigm


By Daniel DeCloss, CEO, PlexTrac, Inc.


Cybersecurity is hard, and attackers are relentless. The job of protecting an organization from cyber threats can feel overwhelming and stressful. The industry is short on talent and inundated with tools, vendors, and snake oil that further complicate the approach to building an effective security program. Despite these challenges, the security team is expected to deliver a mature product that protects the organization’s most critical assets. So, what can a team do to ensure it provides the value the organization expects with the limited resources of time, budget, and talent? This article cannot possibly claim to provide the complete answer to that question; however, we will discuss the paradigm shift needed with the most important piece of your security program – assessments.


We use the term assessment very purposefully. A security assessment is any activity conducted to determine the efficacy of security controls. Examples of assessments include penetration tests, vulnerability scans, risk assessments, compliance assessments, and security questionnaires. All of these activities have the purpose of identifying gaps in security controls, and yet they are often disjointed and spread across multiple departments. Thus, the current assessment paradigm involves multiple assessments by multiple teams (internal or external), where security issues and gaps get identified and then handed over to the engineers or analysts responsible for investigating and ultimately remediating the risk. This is a perfectly logical approach, but too often it is highly ineffective. Conducting an assessment, delivering the findings, remediating the issues and then reassessing them can take months if not years. Additionally, this is a reactive approach to cybersecurity. In a world where threats and exploits change by the minute, we propose a better solution ..