Home / MALWARE AND THREATS / Identifying Risk, or Finding a Needle in a Haystack
cyber-warfare

Identifying Risk, or Finding a Needle in a Haystack

cyber-warfareRisk management is a hot topic these days. Many industry publications have shifted their focus away from compliance or security to risk management practices. Newer regulations and industry standards are now mandating a risk-based approach to security. This is forcing many organizations to transition from a compliance, check-box driven approach to a more pro-active, risk-based view of security.

Risk is made up of many factors including compliance posture, threats, vulnerabilities, reachability, and business criticality. For each of these, organizations collect huge volumes of data that they need to aggregate, normalize, and then assess for their impact on the business. This can sometimes feel like trying to find a needle in a haystack. So how can risk and security professionals harness the potential of big data to identify risks that threaten the organization most?

SIEM, Honey Pots: Attracting the Needle

For many years, businesses either focused on achieving compliance or taking preventive measures to strengthen their security posture. Endless data breaches have proven that neither approach is necessarily effective in minimizing risk. In fact, you could even argue that for years organizations may have misaligned their resources and funds in fighting threats.

What does this mean? Well, when an organization is solely focused on strengthening its compliance posture to pass an audit, they primarily look at control failures and gaps and try to mitigate them. However, if there is no threat that could reach the vulnerability in the context of the control gap, why bother? The same applies to vulnerabilities discovered by an organization focused on improving their security posture. Even if a vulnerability can be reached by an existing threat, choosing the right remediation method should also take into account whether any compensating controls are in place that might mitigate the risk. Furthermore, any decision related to resource allocation should be driven in conjunction with the business criticality a compliance or security shortcoming poses.

That’s where the rubber meets the road in risk management. In other words, risk management must take a variety of factors (such as compliance posture, threats, vulnerabilities, reachability, and business criticality) into account to derive a holistic view and ensure the efficient alignment of resources for remediation actions. In principal this sounds logical. However, if we just consider threat assessments, an organization can quickly accumulate huge amounts of data from their network, web assets, social media, reputation, etc. that needs to be combed through.

Even mid-sized organizations, are subject to dozens of regulations that mandate thousands of controls and have to deal with hundreds of pages of security findings, ranging from vulnerabilities, threats to incidents. Then these must be correlated with thousands of assets that represent different business levels of criticality. Using human labor, email, Excel spreadsheets, and survey results to transition to a risk-based approach is unfeasible.

Fortunately, new technology – big data risk management – is emerging that helps to not only to aggregate compliance, threat, and vulnerability data, but more importantly correlates these data feeds with its business criticality or risk to the organization. The end result is increased operational efficiency and faster time-to-remediation.

By Torsten George

FacebookTwitterGoogle+Share

About adibsaani

Check Also

malware_keyboard_idg-100311220-primary_idge

The Top 15 Countries for Safe Data Storage

​Switzlerand and Singapore are the respective best and second best nations on earth for safe …

10 comments

  1. You’ve got interesting content here. Your
    site can go viral, you need some initial traffic only.
    How to get initial traffic? Search google for: marihhu’s tips

  2. Asking them questions are really good thing should you be
    not understanding anything entirely, however this article
    offers nice understanding even.

    my web blog … HisakoIBrank

  3. Really whether someone doesn’t know afterward its around other users that they may assist, so
    here it happens.

    my web page RamonSAmenta

  4. Thanks for a marvelous posting! I actually enjoyed reading
    it, you happen to be a fantastic author. I will be sure to bookmark your
    blog site and may eventually return afterwards. I wish to encourage that you just continue your great
    writing, possess a nice evening!

    My web page: CarenNAttard

  5. Things are very open with a really clear clarification of the issues.
    It was truly informative. Your internet site is very useful.
    Thanks for sharing!

    Stop by my site: DaneIArvez

  6. Hmm is anyone else encountering problems with the images on this
    blog loading? I’m trying to figure out if its a problem
    on my end or if it’s the blog. Any feedback would be greatly appreciated.

    Feel free to visit my web page: DustyOWalson

  7. Good article. I am experiencing many of these issues too..

    Also visit my page: SilvaVRoyals

  8. Good website you’ve got here.. It’s difficult
    to find top quality writing like yours currently.

    I honestly appreciate individuals just like you!
    Be careful!!

    My blog post: LulaWMirelez

  9. I was curious if you considered changing the page
    layout of your respective website? Its perfectly written; I adore what
    youve have got to say. But you may could a bit more in the way
    of content so people could connect with it better.
    Youve got an awful lot of text for just having
    one or two images. Maybe you could space it better?

    Here is my homepage; WillHKulback

  10. We’re a team of volunteers and opening a brand new scheme
    within our community. Your website provided us with valuable
    information to function on. You’ve done an amazing job and our entire community
    will probably be thankful to you.

    My website … MyraQRadon

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>