
Know Data, Insist for Data

Avoid fixing problems that don’t exist. It is imperative that decisions (and opinions) are based upon data and facts. There was a time in the information security industry when data was not readily available. A number of reliable sources of data are available now, and there is no reason to make decisions based upon market hype, aggressive vendor marketing, or personal likes/dislikes. Some of these data sources include research reports from security vendors, industry analysis, and online data-gathering websites. All of this can help you make informed decisions. Collecting and mining data from within your organization will also be of great value to you.

Some of these data sources are listed below; many more are available from reputable organizations.

  • Verizon DBIR – The Data Breach Investigations Report (DBIR) from Verizon is published on an annual basis and contains the results of a large number of data breach investigations.
  • Arbor DDoS Survey Report – Arbor Networks publishes a comprehensive survey report about DDoS activity.
  • DatalossDB – DatalossDB is an online source to record known data breaches (datalossdb.org).
  • Analyst Reports – Gartner, Forrester and other industry analysts publish their analysis about information security on an ongoing basis.
  • Security Vendors – Many security vendors, including Imperva, SpiderLabs/Trustwave, Cisco, Symantec, etc., publish their own reports about information security that include useful data.
  • Internal Data Sources – You have data coming from your internal systems, including system logs, IDS/IPS alerts, firewall permit/deny logs, successful/failed logins, NetFlow data, and FIM[1] and WAF[2] logs.

Use these data sources for education and awareness in your monthly/quarterly leadership meetings as well as for building business cases for your projects.

Suggested Actions

  1. Subscriptions – Subscribe to external data sources to make informed decisions and build business cases.
  2. Visualization Tools – Use visualization tools and the security data for internal education and awareness purposes.
  3. Bust Wrong Assertions – Insist on data to back up assertions made by information security team members as well as by people outside information security. You can save a tremendous amount of money and time by avoiding solutions and projects that have little to no value.
  4. Communicate – Communicate data findings to the IT and business leadership. It will bring credibility to the information security team.

[1] FIM – File Integrity Monitoring tools used to detect unauthorized changes to the file system.

[2] WAF – Web Application Firewall used for protecting web-based applications and eCommerce.