Gartner, Inc. | G00802944
Page 7 of 35
Implications:
The focus of concern with exposure-related problems has shifted away from simply
managing software vulnerabilities in commercial products. The realization of increased
technology risk on such a large scale is overwhelming to security operations teams. Lack
of alignment with business objectives will lead to poor decisions about which issues to
tackle first, which will result in unquantifiable exposure gaps and the potential for security
budget to be wasted remedying issues that will not matter. SRM leaders must use broader
processes for threat exposure management, while balancing already-stretched operations
teams, and creating effective and preagreed remediation mobilization channels to
respond to discovered issues.
Actions:
Siloed acquisition of technology across the business. With more technology
available and accessible than ever before, its acquisition by multiple departments is
hard to track and its ownership difficult to identify. SRM leaders require modern
approaches to respond to, and to mobilize about, discovered exposures that put the
organization at risk.
■
Increased dependency on third parties. Ownership of cyber risk is not something a
business can outsource alongside the other operational capabilities that it can
acquire from a variety of business partners and vendors of software as a service
(SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS). The
number of SaaS applications used by typical organizations has grown rapidly over
the last decade — to approximately 130 SaaS, according to recent reporting.
3
■
Focus on relevant issues by aligning CTEM scope with business objectives. SRM
leaders must aim for visibility into exposures and attract the interest of other senior
leaders by highlighting the issues with the most potential impact on an
organization’s critical operations. They should define a narrower scope for CTEM,
aligned with business objectives, using familiar language and explaining the impact
on the business, not technology.
■
Reduce the number of prioritized issues through validation. Introduce validation
steps and supporting technologies such as breach and attack simulation (BAS) and
automated penetration testing tools. Such tools reduce the burden imposed by the
outputs of exposure assessment tools such as vulnerability assessment (VA)
solutions by highlighting discovered issues that may result from genuine
compromises using real-world techniques.
■
This research note is restricted to the personal use of chenlizhen@qianxin.com.
剩余35页未读,继续阅读
lurenjia404
- 粉丝: 3952
- 资源: 152
我的内容管理
展开
最新资源
- 岩石滑动与断层冲击地压:声发射特征分析
- 新时代煤炭工业八大战略新取向剖析
- 开采强度对华亭矿区冲击地压危险性的影响分析
- 新安煤矿探采对比:影响安全生产的关键因素与技术支撑
- 210MW循环流化床锅炉引风机变频改造优化与节能效果
- 浅埋煤层开采沉陷预测:方法应用与影响分析
- 优化巷道过陷落柱支护方案:数值模拟与现场试验
- 坚硬顶板定向断裂爆破技术:安全高效采煤新方案
- 北航2019算法课作业解析:投资策略与凸子多边形优化
- 断层破碎带垮冒下堆积体边界抗力分布关键影响因素
- 哈拉沟选煤厂优化末煤系统提高效率与处理能力
- 瓦斯涌出影响下采动煤体蠕变失稳研究
- 提升煤矿装载效率的可控箕斗定量装载设备设计
- 水分调控下烟煤瓦斯吸附特性对比研究
- 重介质悬浮液密度控制硬件设计与选型探讨
- 坚硬顶板巷道支护参数设计:现场测试与数值分析
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
