Security Experts:

Connect with us

Hi, what are you looking for?


Risk Management

Three Pillars for Operationalizing Cyber Risk Detection, Prevention, and Response

Breaking down silos created by individual security products and streamlining collaboration between security and IT operations remains the biggest cyber risk management challenge facing organizations. This finding is based on feedback from leading security executives during a recent multi-city tour organized by the CISO Executive Network.

Breaking down silos created by individual security products and streamlining collaboration between security and IT operations remains the biggest cyber risk management challenge facing organizations. This finding is based on feedback from leading security executives during a recent multi-city tour organized by the CISO Executive Network. The biggest concerns for security practitioners in defending against cyber-attacks are centered in three core areas: Identification, Prioritization, and Orchestration of Remediation. Their ultimate stated objective is to operationalize cyber risk management and implement a pro-active, rather than reactive, approach to cyber risk detection, prevention, and response.

Organizations face an uphill battle when it comes to cyber security, as the attack surface they have to protect has grown significantly and is expected to balloon even further. While it was sufficient in the past to focus on network and endpoint protection, nowadays applications, cloud services, mobile devices (e.g., tablets, mobile phones, Bluetooth devices, and smart watches), and the Internet of Things (e.g., physical security systems, lights, appliances, as well as heating and air conditioning systems) represent a broadly extended attack surface. According to the 2015 Global Risk Management Survey, 84% of cyber-attacks today target the application layer and not network layer, requiring a more holistic approach to cyber security.

This “wider and deeper” attack surface only adds to the existing problem of how to manage the volume, velocity, and complexity of data generated by the myriad of IT and security tools in an organization’s network. The feeds from these disconnected systems must be analyzed, normalized, and remediation efforts prioritized. The more tools, the more difficult the challenge. And the broader the attack surface, the more data to analyze. This approach requires legions of staff to comb through the huge amount of data to connect the dots and find latent threats. These efforts can take months, during which time attackers can exploit vulnerabilities and extract data.

This situation is being aggravated by the fact that, according to ISACA, a global IT association, the industry is facing a shortfall of a million security professionals globally. For most organizations, the prospects of hiring the staff needed to aggregate, normalize, and analyze the vast amount of data needed to assess cyber risk exposures are slim.

Breaking down existing silos and automating traditional security operations tasks with the help of technology has therefore become a force-multiplier for supplementing scarce cyber security operations talent.

To successfully operationalize cyber security practices, progressive organizations are turning to new emerging technology that serves as an aggregation and orchestration layer that sits on top of their existing IT and security tools, and assists in the Identification, Prioritization, and Orchestration of Remediation of cyber risks.

Let’s take a deeper look at each of these three pillars:


In order to understand what remediation actions are needed to minimize an organization’s cyber risk exposure, identification is the first step. With many organizations overwhelmed with the volume, velocity, and complexity of internal security data, it has become crucial to streamline the identification process. This step has become the Achilles heel of day-to-day security operations for many companies.

The use of human-interactive machine learning engines can automate the aggregation of data across different data types; map assessment data to compliance requirements; and normalize the information to rule out false-positives, duplicates, and enrich data attributes.


In the past, the majority of organizations primarily focused on their internal security posture when it comes to cyber security and therefore had a difficult time prioritizing their remediation actions based on business criticality. By leveraging emerging technology, organizations can place internal security intelligence, external threat data, and business criticality into context to derive a holistic view of risk posture across networks, applications, mobile devices, etc. In this way, security teams can determine what imminent threats they face from cyber adversaries, and which ones present the highest threat to the business.

Orchestration of Remediation

Increasing collaboration between security teams which are responsible for identifying security gaps and IT operations teams which are focused on remediating them, continues to be a challenge for many organizations. Using the cyber risk management concept as a blueprint, it’s possible to implement automated processes for pro-active security incident notification and human-interactive loop intervention. By establishing thresholds and pre-defined rules, organizations can also orchestrate remediation actions to fix security gaps. Meanwhile, cyber risk management provides a way to measure the effectiveness of remediation actions and ensure risks have been successfully eliminated.

To increase remediation effectiveness, emerging cyber risk management tools also provide playbooks that include step-by-step instructions on how to tackle the most critical vulnerabilities. The intelligence-driven cyber risk management model also mandates a closed-loop remediation process, which assures that a ticket is only closed once the effectiveness of a patch has been revalidated. Unfortunately, many organizations close out tickets as soon as a patch is applied without testing whether it actually fixed the problem. This leaves them vulnerable to a big blind spot if the patch failed.

By implementing these three main pillars, organizations can operationalize their cyber security practices to shorten time-to-detection and ultimately, time-to-remediation of cyber threats.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.


More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...