Our team has just released our annual security planning guide: “2014 Planning Guide for Security and Risk Management.” Every GTP customer should go and read it!
Its abstract states that “Planning for security and IT risk in 2014 requires supporting and balancing game planning, fortification, search and destroy, and (counter) intelligence approaches.”
Here are a few fun quotes:
- “Advanced attacks and malware get more common, but basic weaknesses remain most common.”
- “Gartner sees a steady increase in the cases where clients break with security tradition such as the ‘firewall sandwich,’ encrypting everything at rest, and must-patch”
- “Visibility (also referred to as situational awareness) is key for finding such [i.e. left from advanced attacks] attack indicators, which must then be fed back into prevention, detection and response systems.”
- “Some of the indicators are unique to, or first seen at, a specific organization during a targeted attack. Therefore, organizations operating in particularly high-threat environments should consider additional capabilities to proactively analyze their security data and hunt for threats and attacks.”
BTW, please don’t hold it against us, but the document mentions the word “cybersecurity” a few times …
P.S. I am at Gartner Symposium now and thus my response to blog comments may be slow.
Past guides from the GTP SRMS team (i.e. us):
Security Planning Guide for 2014