Roger Grimes on Prioritizing Cybersecurity Recommendation – Cyber Tech
This is a good point:
Part of the problem is that we're constantly handed lists…lists of required controls…lists of things we're being asked to fix or improve…lists of new projects…lists of threats, and so on, that aren't ranked for risk. For example, we are often given a cybersecurity guideline (e.g., PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations. They're all great recommendations, which, if followed, will reduce risk in your environment.
What they don't tell you is which of the recommended items will have the most impact on reducing risk in your environment. They don't tell you that one, two or three of these items…among the hundreds that have been given to you…will reduce more risk than all the others.
[…]
The answer?
Here is one big one: Don't use or rely on lists that aren't risk-ranked. Require any list of controls, threats, defenses or solutions to be risk-ranked according to how much actual risk each will reduce in the current environment if implemented.
[…]
This particular CISA document has at least 21 main recommendations, many of which lead to two or more other, more specific recommendations. Overall, it has a few dozen recommendations, each of which individually will likely take weeks to months to fulfill in any environment if not already done. Anyone following this document is…rightly…going to be expected to evaluate and implement all of these recommendations. And doing so will absolutely reduce risk.
The catch is: There are two recommendations that WILL DO MORE THAN ALL THE REST ADDED TOGETHER TO REDUCE CYBERSECURITY RISK most efficiently: patching and using multifactor authentication (MFA). Patching is listed third. MFA is listed eighth. And there's nothing to indicate their ability to significantly reduce cybersecurity risk as compared to the other recommendations. Two of these items are not like the others, but how is anyone reading the document supposed to know that patching and using MFA really matter more than all the rest?
Posted on October 31, 2024 at 11:43 AM