Organisations have been using one of three approaches to managing enterprise security:
- Compliance-driven – driven by auditors and compliance frameworks (frequently doing the bare minimum required);
- Incident-driven – where security incidents catch the attention of executive management and result in firefighting, only to die out over time and to be resurrected by another incident;
- Intelligence-driven – developing real-time knowledge of threats and of the organisation's security posture against these threats, to allow the development of actionable intelligence.
I believe the intelligence-led approach to security will allow organisations to be reasonably prepared in an ever-changing threat environment, concentrate resources where needed most, and get the best value for money from security investments – although it will not necessarily cost less than the other two approaches.
The Security for Business Innovation Council has published an excellent paper on the intelligence-led approach to security. The document shows, in a six-step roadmap, what organisations should do in security to deliver this intelligence-led method.
The six steps it details are:
- Starting with basics.
- Making the case to executive management when asking for resources.
- Finding the right people with the right skills to run intelligence-led functions and tasks.
- Building sources to tap into external, open source, corporate or government sources, and internal data sources.
- Defining the process.
- Implementing and automating, as the amount of data makes it uneconomical to process and present manually.
I do not want to go into great detail about the method here, as the paper makes worthwhile reading for security and business executives, but I do want to highlight one aspect of intelligence-led security that stands out for me: the need for information sharing.
An incident that one organisation may see should be shared with others in a structured and confidential way. Cybercriminals share information about us, so there is a case for us to share information about them and their techniques, motives and actions.
In summary, intelligence-led security is the only sustainable approach to security, and we all need to work together to move away from the compliance-based and/or firefighting approaches we have had for so long.
Vladimir Jirasek is a member of the Cloud Security Alliance (UK).
This was first published in June 2012