Beyond the perimeter
Amrit Williams
Subscribe to this blog
About Author
Amrit Williams is chief technology officer of Big Data company Quantivo. His previous job CTO at security comany BigFish and has been research director in the Information Security and Risk Research Practice at Gartner, where he covered audit and compliance, vulnerability and threat management, network security and secure application development.
Contact Author
Email Amrit
Twitter Profile
Linked-in ProfileSecurity Out of focus; an incomplete thought
One view does not fit all
Published 12:34, 03 September 10
Someone sent me this quote in an attempt to convince me that we should focus on vulnerabilities and not threats…I don’t think they are mutually exclusive, but here nor there…
"Our data tells us that focusing on vulnerabilities is more effective in reducing risk than focusing on threats. In fact, of nine specific types of threats we examined in our survey, none proved to be statistically significantly related to increased risk, although many vulnerabilities were. The enterprise can do little at best to control threats, especially external ones, but it can do a lot to control vulnerabilities. Focusing on vulnerabilities reduces an enterprise’s tendency to react to what is apparently most urgent - such as the threat reported in yesterday’s newspaper - and helps the enterprise act instead to reduce vulnerabilities that might be exploited by any number of threats. No nation can control the level of the sea, but a nation can build dikes to reduce the vulnerabilities of its lands to high waters; no enterprise can control a sea of external hackers, but an enterprise can plug the holes in its network dike that hackers might otherwise exploit.
In short, vulnerabilities, not threats, are the root cause for high risk exposure, and it’s best to focus on the root cause."
IT Risk: Turning Business Threats into Competitive Advantage by George Westerman, Richard Hunter, page 126
My response: If you live in the Ghetto, what contributes to your high risk exposure, your lack of steel doors and bullet proof glass or the shitty neighborhood you live in that is full of gangs, thugs, crack whores, and meth addicts?
Print
Email
