Learning how to build your decision-making capabilities according to CORE.
Introduction
Cost-effective Operational Reliable Effective, CORE Technology Security involves only what is required to manage technology risks specific to each organization, no more and no less. By emphasizing CORE, declare the objectives and build to those objectives. Regarding security, CORE enables organizations to have 100% accurate asset inventories, proactively manage vulnerabilities, detect threats to each technology, respond to exploits (accidental or otherwise), and maintain business operations while recovery activities are underway.
Organizations should emphasize efforts to complete CORE Decision only after Inventory, Remediation, and Detection capabilities are built. Once those are done, work on CORE Decide, and complete your TechSecOps capabilities. Once your completed with CORE Decide, then you will be ready to complete your security operations program.
Summary
Technology Security Operations, or TechSecOps, is an approach focusing on building a CORE technology security program that emphasizes security operations first and deploying automation when and wherever possible to simplify security. Additionally, this level-setting program emphasizes doing the bare minimum to meet security objectives. CORE is not a compliance process; if built correctly, it will be compliant.
In this decision video, I explain the objectives to building a CORE decision making capability including the processes, tools, and services to make rapid-fire, trusted security decisions, in any sized organization.
Comentários