Tuesday, 22 May 2012 08:56 3041No Commentshttp%3A%2F%2Fblog.q1labs.com%2F2012%2F05%2F22%2Fthe-security-risk-assessment-where-strategy-gets-put-to-the-test%2FThe+Security+Risk+Assessment%3A+Where+Strategy+Gets+Put+to+the+Test2012-05-22+13%3A56%3A14Heather+Howlandhttp%3A%2F%2Fblog.q1labs.com%2F%3Fp%3D3041

Posted by Heather Howland in Cybersecurity, Risk Management, Security Intelligence

What would you do if someone was repeatedly trying to break in your front door?  Would you add an extra lock and hope that was enough? Would you completely ignore the back door?  If you lived in a neighborhood where lots of homes had been broken into, would you do some research to see what the common entry points were and maybe take some precautions to better address those risks-  even if your house had been safe so far?

I’d like to think you’d do just about anything in your power to protect your home, and definitely your business.  But finger crossing and dead bolt- equivalents seem to be the approach a lot of organizations take when it comes to security, especially network security. Those organizations are resting on hope; hope that they won’t be targeted by a cyber attack, hope that no disgruntled insiders will take a shot, hope that their network security analysts won’t miss something in the piles of log data being generated every minute, and hope that their first generation solutions are working good enough to catch modern attackers.

Earlier this week I read an article in Network World about the failure of CSOs to properly evaluate risk in their security strategy.  It asked the important question- “what happens if your security strategy doesn’t work?”  I’m betting there’s a lot of organizations out there who don’t know the answer to that question, and if they did, they wouldn’t be happy.

To truly be secure, you need to know where your vulnerabilities are and then figure out how to fix them.  Your team needs to be prepared to identify and respond quickly to attempted and successful breaches (because inevitably, some will get through).  They also need to know how to minimize the damage that can be caused by an incident.  They need to be able to find the who, the what, the when, the where and most importantly, the how- and they need this information in real time!  This is the essence of Security Intelligence. Do you have it?