Enterprises Need to Improve IT Vendor Risk Management

I had the pleasure of attending a presentation given by Dr. Ron Ross, a fellow at the National Institute of Standards and Technology (NIST). Ron’s areas of specialization include information security, risk management, and systems security engineering.

Topics: Cybersecurity incident detection and response

Enterprises Need Advanced Incident Prevention

Given the booming state of the cybersecurity market, industry rhetoric is at an all-time high. One of the more nonsensical infosec banalities goes something like this: Cybersecurity has always been anchored by incident prevention technologies like AV software, firewalls, and IDS/IPS systems, but sophisticated cyber-adversaries have become extremely adept at circumventing status quo security controls. Therefore, organizations should give up on prevention and focus all their attention on incident detection and response.

Now I certainly get the logic of this platitude. Yes, the bad guys do know how to get around our defenses and organizations should in fact improve their detection and response capabilities. But abandon or minimize incident prevention? Poppycock! 

Topics: incident detection and response NAC incident prevention

What IBM Can Learn from Its Own Cybersecurity Business

IBM’s fortunes in cybersecurity improved substantially when it abandoned its internally-focused strategy and built a business to meet customer requirements.

Topics: IBM Cybersecurity incident detection and response

Big Data Security Analytics Can Become the Nexus of Information Security Integration

In a recent ESG research survey, security professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked the following question: How do you believe that your organization will change its security technology strategy decisions in any of the following ways over the next 24 months in order to improve its security management? In response:

Topics: Information and Risk Management Data Management Security and Privacy risk management incident detection and response big data security analytics enterprise security