How your organization’s security posture is much like your health
Recently I was speaking with a CISO of a mid-sized organization about their upcoming plan to test their security environment, and I asked him when they had last performed this type of test. His answer was that it had never been tested before and this would be the first attempt. I then asked why this was the first time performing such a test, and his response was that the organization wasn’t doing enough to exercise its security prowess through testing. I was struck by how that process can be equated to taking care of yourself. What I mean by that is that testing your security environment is a lot like exercising. If you think about it further, having good genes, eating right and exercising are similar to your security environment in the following ways:
- Good Genes = existing security infrastructure: Although you inherit your genes from your family, you could also inherit a security posture from your predecessor; however, unlike your genes, you can change your security posture.
- Eating Right: I see this relationship to mean ensuring your security posture is given a fighting chance to be the best it can be by providing an automated and orchestrated process to address known and unknown threats that attack every day. This means ensuring your environment is receiving the necessary updates so that it is capable of detecting and addressing these threats.
- Exercise: Testing, testing, and more testing is similar to exercising – the more you exercise/test, the more you learn about how your environment detects, classifies and responds to threats.
I think the key takeaway is that ensuring your organization is protected is an ongoing process – much like your health – and it requires the appropriate attention and support to be healthy. These are just my perceptions and I welcome your feedback and thoughts.
Patrick Zanella, Security Practice Lead – Integration Partners
I can be reached via Twitter (@patzanella) or via email firstname.lastname@example.org