Alarm Fatigue

Can alarm fatigue be a problem for the security world? You bet. Security IS a world of beeping flashing lights. Security teams are faced every day with the “properly working beeping devices and the improperly working beeping devices” problem.

Security Operations Management: Metrics that Matter

In my previous blog series on Vulnerability Risk Management, I included a post on “Metrics that Matter”. I made the statement that in security, we constantly talk about the challenges of showing return on the investment. Security Operations is one of those areas where it can be hard to show a return. If you have prevented…

Security Operations Management: Control Efficacy

When I started this blog series, I referenced our latest SBIC (Security Business Innovation Council) report – Transforming Information Security: Future-Proofing Processes. One of the points covered in that report highlighted the need for evidence-based controls assurance. The need to have a more tangible, fact-based approach to measure controls within an organization is fueled…

Security Operations Management: Ninjas and Windows

Describing to a lay person how a “hack” happens is not an easy discussion. Like many of you, I have fielded over the years multitudes of inquiries from friends and family when something big hits the news. Since I am the “security guy”, I have to explain how a big company could be hacked and…

Security Operations Management: Castor and Pollux

At the beginning of January, a security flaw was uncovered in the X Windows system that had sat unnoticed for almost 22 years. According to the advisory ‘This bug appears to have been introduced in the initial RCS version 1.1 checked in on 1991/05/10, and is thus believed to be present in every X11 release starting…

Security Operations Management: The White Hat-fields and the McCriminals

Over the holidays, between frantic last-minute shopping, eggnog and family get-togethers, I caught up on some of my Netflix queue and watched the TV mini-series “Hatfields and McCoys”. I am not sure of its complete historical accuracy, but the series was a deep inspection of how a conflict can spiral into complete and utter insanity very quickly. By the end, I felt sorry for all of the characters – there were no winners in the feud. There were only people who threw away their lives (or parts of their lives) based on the fundamental disagreement of two men – each making a decision based on his own principles. The resulting conflict was of devastating proportions.

Vulnerability Risk Management: Metrics that Matter

In my previous blogs (Vulnerability Risk Management: Let’s not boil the Ocean and Vulnerability Risk Management – It is a Big Deal) in this series, I focused on how important Vulnerability Risk Management is for organizations and the need to take it beyond a compliance task. When you take that next step to use vulnerability identification and remediation as a core piece of your threat prevention strategy, key metrics must be put in place to measure the success.

Vulnerability Risk Management: Let’s Not Boil the Ocean

In my last blog, I discussed the importance of Vulnerability Risk Management. Security professionals know that for an IT security organization to protect a company against today’s threats, processes, tools, procedures and enablers must be implemented to create a holistic strategy. The idea of a multidimensional program with a continuous cycle that flows from prevention to detection to response, and a feedback loop to ensure that threats are proactively managed, is the dream of all CISOs. To wield the power of a proactive and responsive organization, CISOs must balance investment across many different needs. While no organization can prevent every threat or patch every vulnerability, the goal should be to identify and prevent as much as possible, effectively detect and respond to active threats, learn from events and incidents, and improve going forward. That is why Vulnerability Risk Management is a key part of a security management strategy. But when you look at this problem, it can seem almost inconceivable that a large infrastructure – one that keeps expanding and expanding – can be put in check. So an important thing to keep in mind is to Not Boil the Ocean.

Vulnerability Risk Management – It is a Big Deal

In every organization, there is a universe of devices and a universe of vulnerabilities. Security teams use vulnerability scanners to identify where systems are vulnerable. These scanners produce pages and pages of reports that are given to IT itemizing every system and every vulnerability identified during the scan. IT then needs to address these vulnerabilities on these systems through some patch or a configuration change. Once the fix is applied, the system is secure, right?