A Proposed Model for Permanent Change in Cybersecurity
October 04, 2018
In this Security Magazine article, Jim Doggett, CISO & SVP at Panaseer, asks: Why is it that we keep on doing the same things in security year after year and we expect a different result?
For decades, we have been buying and installing security tools to “fix” our security issues around things such as patch management, privileged access and application vulnerabilities. And yet these issues remain at the top of the list of security risks today.
Assuming our goal is to actually fix security issues and keep them fixed, how might we change our approach to this problem?
The fact is, most CISOs are now being held accountable for measurable and sustainable risk reduction, and not just for having fixed a lot of security flaws. This may require ongoing reporting of the risk reduction achieved on a monthly basis. Such KPIs could include the percentage reduction in sensitive data leaving the network month over month, as well as the percentage of enterprise data captured by a DLP (data loss prevention) solution.
You can read the full article here: A Proposed Model for Permanent Change in Cybersecurity.