Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

Security Professionals Win When They Can Master Risk Communications

Demonstrating Effective Communication is a Foundation for Effective Security Operations

Demonstrating Effective Communication is a Foundation for Effective Security Operations

A lot of people are talking about security risk right now. A quick Google search reveals articles on risks associated with the Slack collaboration tool, out of date Windows software, 5G network equipment from Huawei, iPhone apps that have been communicating with a malicious server and organizations’ employees. And that’s just the first page! Of course, when these topics make the headlines, security teams inevitably get calls from management, but the nature of these calls is evolving.

Recent analysis by Forrester finds that Boards are maturing in their understanding of cybersecurity and are asking more detailed questions. They don’t just want to know if the latest threat matters to the organization, but how you know that. For Chief Information Security Officers (CISOs) and other security leaders, this means that your ability to communicate effectively about cybersecurity is just as important as your work doing cybersecurity, if not more important. Communication has become a critical component of security operations. 

Speaking about risk using terms like “red, yellow, green” based on factors from outside your organization simply isn’t going to cut it. You must be able to provide greater detail, while communicating in ways that resonate with management and are relevant to the organization. Your ability to do this begins with contextual awareness. In security operations, context comes from aggregating and augmenting internal threat and event data with external threat feeds. By correlating events and associated indicators from inside your environment (for example from sources including your security information and event management (SIEM) system, log management repository, case management systems and security infrastructure) with external data on indicators, adversaries and their methods, you gain the context to understand the who, what, where, when, why and how of an attack.

Now you can prioritize threats based on relevance to your environment which allows you to answer the first question: Is this threat important to our organization? But what is relevant to one company may not be relevant to another. Lots of threat intelligence providers publish “global” risk scores based on their own research, visibility and proprietary methods. Because these scores are not specific to an organization or even an industry, you can’t take them at face value. This easy-button approach generates a “red, yellow, green” or “high, medium, low” score, but it does so in a “black box”, making communications and understanding difficult. In fact, you can’t answer the first question with confidence, and you lack visibility to adequately address the next question: How do you know this? 

You need transparency into how scores are derived, and that comes with the ability to customize scores based on your own set of scoring parameters. These parameters are driven by multiple factors, including: indicator source, type and attributes or context, as well as adversary attributes.

The ability to customize threat intelligence scores allows you to prioritize threats to your organization and reevaluate and reprioritize as new data and context becomes available. It also provides the transparency you need to answer more detailed questions in a simple, clear and relevant way. For example: 

• “Internal data and events indicate some evidence of potential malicious activity. We have taken steps to contain it and are now remediating the affected systems.”  

• “This report will provide you with an overview of an adversary campaign that may be targeting our organization and the type of activity we are currently looking for.”

• “Multiple sources indicate that this particular threat is not currently targeting our industry, but we are continuing to monitor it and have patched the vulnerability it is taking advantage of to infiltrate networks.” 

• “This threat targets systems we have not deployed in our environments, so this isn’t a threat to be concerned about.”   

With a construct for effective communication, you can build trust and engage in a dialogue that offers ample opportunity to showcase the value you and your teams provide. What’s more, when it comes time for budget discussions, you’ll find those conversations go more smoothly as well, demonstrating that effective communication truly is a foundation for effective security operations. 

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Funding/M&A

More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem