After taking an informal and unscientific poll, the most hated security question is, “Are we secure?” Only slightly better is, “Are we secure against known threats?” It’s rarely asked the second way. Both are dreaded – particularly in the boardroom.
Trend and Insights
Resilience experts introduce the idea of using influence diagrams to visually capture the essence of security events for deeper conceptual understanding. Influence diagrams are a powerful way to represent the qualitative essence of the structural relationship between events and outcomes, whether those events are decisions we make or events outside our control (uncertainties).
A defensible security budget is a set of allocated costs that serve the strategic objectives of the organization based on a choice of controls that maximize capital efficiency in an uncertain world. Allocated costs support actions intended (but not guaranteed) to carry us to a goal. Strategic objectives relate to why an organization exists at all, and capital efficiency relates to the wise and productive use of cash in a risky world.
To be successful in this digital economy, a company must now be Cyber Resilient and integrate its risk mitigation, risk acceptance, and risk transfer so it can take a hit without impacting its ability to deliver value.