It’s almost an inevitability at IT security conferences that some speaker will break out the Sun Tzu quote about knowing your enemy and yourself to avoid disaster in battle. But in this day of threat intelligence feeds and cyberawareness, all too often the emphasis is put on intelligence-gathering about the adversary. Meanwhile, the more obvious and often more available data about oneself remains unharvested.
At the recent UNITED Security Summit, two banking executives from a top 25 U.S. financial institution (who shared best practices on the condition of not naming their employer) challenged that lack of self-awareness, advising fellow practitioners to take a deeper dive into readily available data about their systems, users, and patterns in their environments to improve their risk management strategies with meaningful action. That process starts and ends with what Kelly White, vice president and information security manager, called a security Q&A for an organization.
via Know Thyself Through Data-Driven Security Q&A — Dark Reading.