We?re moving from a philosophy of ?security knows best to security needs to know better about the business before it can know what to do,? said John Pironti (@jpironti), President of IP Architects, LLC.
Pironti knows best about this subject as he curated the risk management track at Interop in Las Vegas this year. In between sessions I spoke with Pironti as to what has changed over the past year with regard to risk management.
Pironti stressed the need for a data focused approach. You can?t be everywhere, doing everything, but if you can understand what could happen, why, and when, and apply metrics to it, then you can take logical approaches to understanding business impact.
Security used to get by just knowing threats. That?s not enough anymore, explained Pironti. You have to know threats, risks, the viability of them happening, and then their impacts to the business.
?If this situation was going to happen, what would it mean,? asked Pironti. How would it actually affect the business? Once you have that knowledge, and specifically data to back it up, you can build security models based on that. It?s a more symbiotic relationship that the business can embrace, not run away from.
Stock photo of risk management egg courtesy of Shutterstock.
This post was written by?
David Spark has contributed 112 posts to The State of Security.
David Spark is a veteran tech journalist and founder of Spark Media Solutions, a media consulting and production company. Acting as the "media" of "social media," Spark Media Solutions helps its clients be seen as leading voices in their field through brand-quality media production and distribution through top tier media channels.
blazing saddles lsu alabama lsu game lsu game beezow doo doo zopittybop bop bop cordova demaryius thomas
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.