Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,…
Read
The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework (https://attack.mitre.org/) is “a globally-accessible knowledge base of adversary tactics and techniques” that is “open and available to any person or organization for use at no charge.” One of the most beautiful parts of the MITRE ATT&CK™ Framework is that its information can be analyzed to…
Read
Too often organizations spend their security budget in ways that don’t necessarily make the most sense for them. Whether this be purchasing unnecessary appliances or securing an overly broad area, wasting valuable and often scarce security dollars isn’t good for anyone, except perhaps those providing the unnecessary services. A risk assessment, as the name suggests,…
Read