Transforming security decision making

Transforming security decision making

data driven cyber security decisions have many benefits

Data-driven risk assessment that is based on detailed cyber threat data will enable better security decisions.

Security decisions can be hard to take. Sometimes there is only scant information about possible threats. At other times the “firehose” effect can confuse decision makers and hide damaging incidents in a welter of insignificant events.

A new service from Verizon currently in development at promises to add a powerful tool to the security professional’s armoury.

A combination of cyber security data and insight

The Verizon Risk Report combines three sources of cyber security data:

Together these create an automated and very comprehensive security risk scoring framework that identifies cyber security weaknesses and associated risks on a daily basis.

Alex Schlager, executive director, security services, for global products and solutions at Verizon describes the benefit of this new service as follows: “Security strategies have historically been focused on static defenses. But in today’s fast-evolving security landscape, to be truly effective they need to be dynamic, proactive and adaptable.”

Schlager stresses that businesses can no longer wait for cyber-threats to occur. Nor can they rely on historical security strategies based on yesterday’s threat landscape.  They need to make data-driven security decisions based on today’s threats in order to address today’s gaps in their security posture

Three different cyber threat views

The Verizon tool helps businesses evaluate their current risk profile and calculate the probability of a future breach. In addition, users are given an assessment of potential preventative measures.

Interestingly, the tool comes with three different risk “views”:

  • An ‘outside-in view’ that provides external assessments that includes an analysis of deep web and dark web information
  • An ‘inside-out view’ that adds an analysis of the organisation’s in-house systems to deliver an internal risk profile specific to the organisation’s individual industry
  • A ‘culture and process view’ that adds a human assessment of the organisation’s security policies, processes, culture and behavior, a security “lens” that is frequently ignored

This newly launched tool, combining as it does human analysis, a consideration of organisational culture, and data from a variety of different sources including the dark web is very likely to be a significant asset in the constant and ever more difficult battle against cyber criminals.

Photo credit: Copyright HAKINMHAN under licence from

Copyright Lyonsdown Limited 2021

Top Articles

Usability and email security

When employees understand how their behaviour impacts email security, they become much more efficient at detecting scams, preventing data breaches, and protecting sensitive information.

The pen testing guide you never thought you needed, until now…

Security testing should be at the centre of any cyber strategy,

Institute of Cyber Digital Investigation Professionals launched

CIISec & College of Policing are announcing the independent launch of the Institute of Cyber Digital Investigation Professionals (ICDIP)

Related Articles