The Need For Agile Risk Management

How Traditional Controls Fail Where Learning Systems Succeed

The world of cybersecurity has changed. Cybercriminals today target organizations and unleash a torrent of malicious files and attacks that flood an enterprise until a breach occurs. They have learned to automate the production of malicious code and vary it just enough to create never-before-seen or unknown attacks. Many businesses, whether small, mid-sized, or large, have been infiltrated without detection. Today’s risk management leaders need agile defenses that quickly adapt to these new demands and stay ahead of attacks.

Yet, threats are only part of the story. The ever-changing technology landscape adds complexity for the CISO, CIO, and IT leader.

The 9 Box of Controls Concept

A simple yet powerful framework, the 9 Box of Controls, looks at IT controls, including control types and automation approaches, the overall control architecture, and the significance of control friction on business productivity. It allows people to better assess the value and impact of information security controls on an organization. The concept was introduced with the publication of Managing Risk and Information Security: Protect to Enable and has taken root among IT leaders across industries and geographies. As the concept gets shared with more businesses of every type, it drives security from a tactical conversation into a strategic, evergreen discourse about security spending, resource allocation, and long-term planning.

IT controls consist of any mechanism, policy, or procedure employed by an organization that affects the management processes for risk and security. IT or application controls seek to ensure that software used for processes, such as payroll, document sharing, or remote content access, is properly maintained, used, and protected. The control architecture consists of types of controls and automation levels. The right control architecture enables improved threat management. As new attacks appear, IT can’t stop the bad and ...

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Malcolm Harkins and Jesse Theodore.