Page 19 - Cyber Defense eMagazine - June 2018
SURVIVABILITY
There are more holistic organizational benefits which come from executing security
operations swiftly. Some may consider it liability, others may refer to it as reputation, or
call it PR. But it really includes all of the above: it is the ability for an organization to
favorably survive a serious security incident. The speed at which security operations are
executed says something about an organization’s attitude toward security. When
vulnerabilities are remediated slowly, and when there’s no dedicated effort to detect
intrusion or respond to an incident with urgency, it communicates a lack of priority to the
organization.
When assets and potentially private user data hang in the balance, it is important that
actions document responsible security handling. Actions should be explainable, and
defensible if necessary. How security operations are conducted should be evidence that
the company places a high priority on security. Should these actions become public,
their reality should serve as a PR asset, reinforcing a message to the public that an
organization takes security seriously. Otherwise, lax policies and procedures, or actions
inconsistent with adequate policies and procedures, may have the opposite effect, and
serve to demonstrate neglect. An organization’s mishandling of security operations can
become a bigger damage control problem than the actual security incident in play.
CONCLUSION
In security, it isn’t enough to have policies and procedures defined. It isn’t even enough
to execute on those policies and procedures. Battles against attackers are won by
whoever presses their initiative first. What determines the effectiveness of a security
program is the ability to execute at speed. As security professionals, we are always on
the clock.
About the Author
Brad O’Hearne is a 25-year career software architect /
developer, application security expert, and independent
security researcher.
He resides in Gilbert, AZ and enjoys cycling, soccer, reading,
and spending time with his family.
He is available for consultation and can be contacted at
[email protected].
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.