While intelligence is a critical component of a mature security program, it should not drive security. A risk-driven approach provides a much more comprehensive and scientific approach that allows organizations to keep pace with today’s sophisticated threats.
As long as the “hikers and bear” analogy is told in boardrooms we will have difficulty communicating the value of a proportionate security model where we design security measures for different types of adversaries with different types of objectives.
Although home is where the heart is, it’s important to remember not to devote the overwhelming percentage of security resources to your home geographic area if that’s not where the overwhelming amount of your business and its assets are located.
The transition from a compliance-driven check-box approach to a risk-based model, enables businesses to centralize the ongoing definition, evaluation, remediation, and analysis of their risk posture in a closed-loop process.