I will cut right to the chase. One of the most important aspects of securing enterprise assets for the Fortune 500 is the maturity of management's visibility into relevant threats to the business, paired with the vulnerabilities that exist. Make no mistake, compliance and regulatory requirements are very important, but they have nothing to do with managing information security risks.
I witness the same mistakes over and over with organizations. The single thing that keeps CSOs (Chief Security Officers) awake at night is what they “don’t” know. The Fortune 500 are typically best positioned to address these concepts, but most are struggling with some type of resource constraint or, on the other side of the equation, explosive growth due to expanding business operations or the merger and acquisition of a new company. In either case, a gap in one or more of these areas is very common. Given today’s global economy and the pervasive and relentless nature of relevant threats, it is important to stay focused on the variables that provide the best return on investment and are in alignment with the risk culture of the organization.
Can you imagine what the security posture of any organization may be if:
Management faces unparalleled pressure to perform for its investors as well as for its employees. Given the pervasive and dynamic nature of real threats in today’s global economy, undesirable events are more likely to occur than we would like to accept. In closing, I ask that you rate yourself on a maturity scale from 1 to 10 on each of the variables that I outlined above and then take action on the most relevant and weakest area.
I always welcome your input and comments.