Top Six Security and Risk Management Questions
Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here).
Interestingly enough, TrustedSec has heard similar inquiries about product offerings in discussions with our own clients. Here are the topics we get the most questions on:
- For Detection and Response, we are seeing a large number of Blue and Purple Team engagements, also referred to as Adversarial Detection and Countermeasures, along with Attack Path Coverage and Attack Path Effectiveness assessments mapped to the MITRE ATT&CK™ framework. TrustedSec uses these threat-focused approaches to assess an organization from the adversary's perspective, which improves the efficacy, efficiency, and consistency of detection and response by measuring coverage against the techniques attackers actually use rather than against a checklist.
- On the Vulnerability Management side, penetration testing still reigns supreme, but organizations are beginning to see the value of an Operations Security Performance Review, which works through the tactical aspects of their security processes. This kind of tactical performance measurement provides a foundation on which more specific categories of risk can be identified and reported.
- Security Incident Response is one of the most discussed topics in recent memory. TrustedSec has expanded the resources and capabilities of its Incident Response team to meet increasing demand, including a steady stream of requests for Incident Response retainers and tabletop exercises. A tabletop exercise is a facilitator-led simulation of a realistic incident in which the organization reacts to events as they unfold in a classroom-style setting, exercising its plan without touching production systems. Also new to the docket are Incident Response Program Assessments, which identify and improve the elements of an existing security program that Incident Response depends on in order to function properly.
- On the Business Email side, the Office 365 blog remains widely read, and customers continue to ask about Office 365 Assessments. We are also regularly responding to incidents in this space involving phishing and financial transactions approved by email alone. Small businesses frequently fall prey to wire fraud, where an employee follows emailed instructions to wire funds to an attacker-controlled account; an out-of-band confirmation (a phone call to a number already on file, not one taken from the email) before any payment change or transfer is the check that stops it.
- Cloud Security Posture discussions are also common, since some cloud testing is included in our Penetration Tests. Demand for integrating traditional infrastructure with cloud infrastructure is clearly increasing, and organizations are asking for cloud technology to be included in their Maturity Assessments as their environments change over time.
- Privileged Access Management has increasingly appeared in the findings of program maturity reviews and has led to several discussions around Security Program Building, the Virtual CISO offering, and building an identity and access management program. With a large number of system accounts per user, adding, modifying, or removing them manually consumes valuable resources and is prone to errors, such as privileged access that survives a role change or a departure. When a privileged account is compromised, the whole organization is at risk.
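The phishing and email-only approval incidents described under Business Email above come down to a handful of header and content indicators that a mail filter or an analyst can check before anyone acts on a payment request. The following is an added example written for this post, not TrustedSec tooling: it screens a single message for a lookalike sender domain, a Reply-To that diverts the conversation elsewhere, a display name that impersonates an internal address, and payment language. The company domain legit-corp.example and both sample messages are constructed for the example.

```python
"""Heuristic screen for Business Email Compromise (BEC) indicators.

Added illustration for this post; it is not TrustedSec tooling. The company
domain and both sample messages below are constructed for the example.
"""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "legit-corp.example"  # assumed company domain for the example
PAYMENT_TERMS = ("wire", "transfer", "invoice", "payment", "bank details", "urgent")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a distance of 1-2 from the company domain flags a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value: str) -> str:
    """Domain part of the address in a From/Reply-To header value, lower-cased."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def bec_indicators(raw_message: str) -> list:
    """Return human-readable BEC indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = domain_of(msg.get("Reply-To", ""))
    findings = []

    # 1. Sender domain is a near miss for the company domain (legit-c0rp vs legit-corp).
    if from_domain and from_domain != COMPANY_DOMAIN and levenshtein(from_domain, COMPANY_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain: {from_domain}")

    # 2. Replies are quietly routed to a domain other than the sender's.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain differs from sender: {reply_domain}")

    # 3. Display name shows an internal address while the real address is external;
    #    many mobile clients show only the display name.
    m = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if m and m.group(1).lower() == COMPANY_DOMAIN and from_domain != COMPANY_DOMAIN:
        findings.append("display name impersonates an internal address")

    # 4. Payment language in subject or body, which every wire-fraud lure needs.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [t for t in PAYMENT_TERMS if t in text]
    if hits:
        findings.append("payment language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real traffic).
FRAUD_SAMPLE = """\
From: "pat@legit-corp.example" <pat@legit-c0rp.example>
Reply-To: pat.ceo@webmail.example
To: controller@legit-corp.example
Subject: Urgent wire transfer

Please process the wire transfer today; new bank details attached.
"""

BENIGN_SAMPLE = """\
From: "Pat" <pat@legit-corp.example>
To: controller@legit-corp.example
Subject: Lunch

See you at noon.
"""

if __name__ == "__main__":
    for label, sample in (("fraud", FRAUD_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, bec_indicators(sample))
```

These are indicators, not verdicts: legitimate mail from a vendor's new domain or a personal Reply-To will trip one of them, so the output belongs in a review queue rather than a block list, and the actual control remains the out-of-band confirmation of any payment change.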
Of course, all of these are covered to some degree in our Information Security Program Assessment, which also addresses two other trends Gartner is seeing. First, security teams are challenged to prioritize the security projects that have the most impact on the organization. Second, organizations struggle when implementing new technologies without first having the foundational capabilities needed to make them successful. Clients are leaning on Security Program Building and/or Virtual CISO services for this, since building a mature, fully functioning security program is no easy feat. Many early adopters are still working through the remaining inquiries on Gartner's list, and as these issues become more widespread, organizations will continue to need assessment and review across multiple domains.