Transforming security decision making -TEISS® : Cracking Cyber Security

data driven cyber security decisions have many benefits

Information security / Transforming security decision making

Transforming security decision making

Data-driven risk assessment that is based on detailed cyber threat data will enable better security decisions.

Security decisions can be hard to take. Sometimes there is only scant information about possible threats. At other times the “firehose” effect can confuse decision makers and hide damaging incidents in a welter of insignificant events.

A new service from Verizon currently in development at promises to add a powerful tool to the security professional’s armoury.

A combination of cyber security data and insight

The Verizon Risk Report combines three sources of cyber security data:

Together these create an automated and very comprehensive security risk scoring framework that identifies cyber security weaknesses and associated risks on a daily basis.

Alex Schlager, executive director, security services, for global products and solutions at Verizon describes the benefit of this new service as follows: “Security strategies have historically been focused on static defenses. But in today’s fast-evolving security landscape, to be truly effective they need to be dynamic, proactive and adaptable.”

Schlager stresses that businesses can no longer wait for cyber-threats to occur. Nor can they rely on historical security strategies based on yesterday’s threat landscape.  They need to make data-driven security decisions based on today’s threats in order to address today’s gaps in their security posture

Three different cyber threat views

The Verizon tool helps businesses evaluate their current risk profile and calculate the probability of a future breach. In addition, users are given an assessment of potential preventative measures.

Interestingly, the tool comes with three different risk “views”:

  • An ‘outside-in view’ that provides external assessments that includes an analysis of deep web and dark web information
  • An ‘inside-out view’ that adds an analysis of the organisation’s in-house systems to deliver an internal risk profile specific to the organisation’s individual industry
  • A ‘culture and process view’ that adds a human assessment of the organisation’s security policies, processes, culture and behavior, a security “lens” that is frequently ignored

This newly launched tool, combining as it does human analysis, a consideration of organisational culture, and data from a variety of different sources including the dark web is very likely to be a significant asset in the constant and ever more difficult battle against cyber criminals.


Photo credit: Copyright HAKINMHAN under licence from iStockPhoto.com

The following two tabs change content below.
Head of consulting at TEISS Jeremy is a highly experienced author, trainer and consultant who has worked in digital strategy, marketing and cyber security for 25 years. His special area of interest is how people engage with technology, sometimes known as "human factors"

Latest posts by Jeremy Swinfen Green (see all)

Comments

Get the latest cyber news in your inbox

Join our community of cyber professionals today!