Many of the security disasters in today's enterprises are born not of brilliant cyber villainy, but through the sort of simple mistakes that employees make when rushing, taking shortcuts, or generally just getting lulled into security complacency. When you read through the major breach stories, there is usually something at the root that was eminently avoidable. ...
Security practitioners have long preached risk management principles -- and more specifically threat management -- as a way to help organizations understand, rank and prioritize threats against their environment. The key goal of these risk management activities is to balance the cost of protective measures and achieve gains in mission capability by protecting their IT systems. However, though a primary goal of any threat assessment is determining "probability of occurrence" or "likelihood," we frequently see that likelihood is the one area organizations consistently fail to measure correctly. ...
..."This is a sign of things to come," said Steve Idelman, CEO of Solutionary, a leading security firm. Cyber warfare strategies, tactics and weapons are relatively new. One thing is certain: given the increased number and sophistication of the tactics used in cyber attacks, cyber warfare capabilities are at the top of military wish lists of an estimated 140 countries. Cyber war is now a part of modern warfare.
"I agree that the threat landscape continues to grow unabated. There are new attack vectors as well as weaponization and automation of attacks. The pace of innovation from the threat landscape is picking up, making it quite difficult for organizations not focused on security to stay up to date. This is something that a Managed Security Service Provider (MSSP) provides."
- Solutionary's Don Gray
Software suites that integrate governance, risk and compliance tools (usually referred to as IT-GRC) are being hyped by vendors and abetted by analysts as the next great wave of IT management solutions.
Combining these functions under one roof, IT-GRC packages promise to enable corporate management to ensure the organization is meeting enterprise risk-management goals and complying with requirements set by regulators and business partners. ...
...That, and the ever-increasing volume of data collected on consumers, is worrisome, says Mike Hrabik, chief technology officer at Solutionary, a computer-security firm in Omaha, NE. "Are companies using that information incorrectly, and are they giving it out inappropriately? I'm sure that's happening. Should we be concerned? Yes."...