Let’s say you are the CISO or IT security lead of your organization, and your incident response program needs an uplift. After making a compelling business case to management for investment, your budget has been approved and expanded. With your newfound wealth, you focus on acquiring technology that will improve your monitoring, detection and analysis of data traffic.
Has the incident program really improved by the technology acquisition, or is the uplift merely cosmetic? If no other changes have been made to the program, a strong case can be made for the latter. Let’s take a look at why.
The Technology: Don’t Leave a Supercar Sitting in the Driveway
Contrary to the title of this piece, let us start with technology to illustrate the downstream impacts of investment gaps. Firstly, powerful technology is an important pillar of any incident response program. But do not be fooled: technology alone is not an impenetrable shield, and it requires support.
Ask yourself this: are you using cybersecurity technologies as a tool or as a crutch? If it is the former, your program likely also has knowledgeable people and well-defined processes supporting it. But if the program lacks the people and processes, technology is likely acting as a crutch whether you recognize it or not.
People and processes are what eliminate technological blind spots or trouble points, such as the following:
Fragmented or disjointed coverage models
Duplication or conflict of services
No fine-tuning or activation of features
Poor and outdated maintenance.
Automation can take you a ..
Support the originator by clicking the read the rest link below.