Security Think Tank: The only sustainable approach to security is intelligence-led

Organisations have been using one of three approaches to managing enterprise security in their organisations:

1. Compliance-driven – driven by auditors and compliance frameworks (frequently doing the bare minimum required);
2. Incident-driven – where security incidents catch the attention of executive management and result in firefighting, only to die out over time and to be resurrected by another incident;
3. Intelligence-driven – developing real-time knowledge of threats and a security posture of the organisation against these threats, to allow the development of actionable intelligence information.

I believe the intelligence-led approach to security will allow organisations to be reasonably prepared in an ever-changing threat environment, concentrate resources where needed most, and get the best value for money from security investments – although it will not necessarily cost less than in the other two approaches.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The Security for Business Innovation Council has published an excellent paper on the intelligence-led approach to security. The document shows, in a six-step roadmap, what organisations should do in security to deliver this intelligence-led method. 

The six steps it details are:

1. Starting with basics.
2. Making the case to executive management when asking for resources.
3. Finding the right people with the right skills to run intelligence-led functions and tasks.
4. Build sources to tap into external, open source, corporate or government sources, and internal data sources.
5. Defining the process.
6. Implementing and automating as the amount of the data makes it uneconomical to be processed and presented manually.

I do not want to go into great detail about the method here, as the paper makes worthwhile reading for security and business executives, but I do want to highlight one aspect of intelligence-led security that stands out for me: the need for information sharing. 

An incident that one organisation may see should be shared with others in a structured and confidential way. Cybercriminals share information about us, so there is a case for us to share information about them and their techniques, motives and actions.

In summary, intelligence-led security is the only sustainable approach to security, and we all need to work together to move away from the compliance-based and/or firefighting approaches we have had for so long.

Vladimir Jirasek is a member of the Cloud Security Alliance (UK).