I know that when you hear in the news or read an article that a company was breached, your first thought is that it is terrible. But what if that report isn't so bad? If you are in business, you know information security plays a crucial role in your business, but making a profit is key to your survival. So, in exchange for being in business and making a profit, you must accept some risk. Along with the risk you accept, you should be putting controls in place to monitor those accepted risks. When you detect a breach, it means that your controls are working as they are supposed to.

The bigger question must be how long it took to detect the breach. If the detection time was short, the chance of it being a large breach is small; however, if the time was long, then you have a problem. If you know where your risks are, then you know where your monitoring must be. Breaches are not a bad thing, but undiscovered breaches are terrible and will be more costly the longer they go undiscovered.
Jeramie Taylor