by Anton Chuvakin | October 5, 2015
Our team has just released our annual security planning guide: “2016 Planning Guide for Security and Risk Management.” Every GTP customer should go and read it!
Its abstract states: “Technical professionals must make resilience a foundation of digital business. In 2016 and beyond, achieving three important goals — privacy, safety and reliability — will require strong planning and execution in the areas of security and risk management.”
Here are a few fun quotes:
- “An important continuation of last year’s planning is the focus on security hygiene, especially in the form of preventative controls that are known to be effective, and that are often able to adapt to changes in IT. While some traditional controls have or will become less effective, techniques such as removing administrative privileges from endpoint users should not be forgotten.”
- “Discussions on security in digital business should go beyond the usual worries about data breaches and confidentiality, and focus on safety and reliability as well.”
- “Increasing the use of detection and response capabilities is still gaining importance as attackers are finding gaps in, and ways around, preventative controls.”
- “Do not pay for the glamour of big data if there is a low chance of benefiting from the investment — especially if the very definition of “benefiting” is unclear.”
- “Increase focus on user activity and access monitoring in systems and applications, because any attack must perform privileged operations or access resources to achieve its goal.”
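The last quote is the one most directly turned into engineering work: if every attack has to perform a privileged operation somewhere, the privileged operations are where you look. The following is an added example, not code from the planning guide or from this post. It parses a handful of constructed Linux auth.log lines (the sudo, su and usermod formats are the real syslog formats; the hostname, account names, addresses and timestamps are made up for the example) into privileged events, counts them per account, and flags two things: any account added to an administrative group, and any sudo or su use by an account outside an assumed allowlist of expected admins.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in Linux auth.log format (not real data). The host
# "web01", the accounts "alice" and "bob", the address and the commands are
# assumptions made for this example.
SAMPLE_LOG = """\
Oct  5 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Oct  5 09:15:44 web01 sshd[2210]: Accepted publickey for bob from 10.0.0.23 port 51522 ssh2
Oct  5 09:16:02 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo bob
Oct  5 09:16:05 web01 usermod[2290]: add 'bob' to group 'sudo'
Oct  5 09:20:30 web01 su[2301]: Successful su for root by bob
Oct  5 09:21:10 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/nginx/error.log
"""


@dataclass(frozen=True)
class PrivilegedEvent:
    user: str    # account that performed the privileged operation
    kind: str    # "sudo", "su" or "group_add"
    detail: str  # target account and command, target account, or group joined


# Patterns for the three privileged-operation line formats handled here.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
SU_RE = re.compile(
    r"su\[\d+\]: Successful su for (?P<target>\S+) by (?P<user>\S+)")
GROUP_ADD_RE = re.compile(
    r"usermod\[\d+\]: add '(?P<user>\S+)' to group '(?P<group>\S+)'")

# Groups whose membership grants administrative rights on typical Linux hosts.
ADMIN_GROUPS = frozenset({"sudo", "wheel", "admin"})


def parse_events(log_text):
    """Extract privileged operations from auth.log text, in log order.

    Lines that are not one of the three recognised formats (for example the
    sshd login line in the sample) are ignored.
    """
    events = []
    for line in log_text.splitlines():
        if m := SUDO_RE.search(line):
            events.append(PrivilegedEvent(m["user"], "sudo",
                                          f"{m['target']}: {m['cmd']}"))
        elif m := SU_RE.search(line):
            events.append(PrivilegedEvent(m["user"], "su", m["target"]))
        elif m := GROUP_ADD_RE.search(line):
            events.append(PrivilegedEvent(m["user"], "group_add", m["group"]))
    return events


def find_anomalies(events, expected_admins, admin_groups=ADMIN_GROUPS):
    """Return (account, reason) pairs for events that deserve a look.

    Membership changes to an admin group are always reported, even for an
    expected admin, because they change who can act as root from then on.
    sudo/su use is reported only for accounts outside the allowlist.
    """
    alerts = []
    for ev in events:
        if ev.kind == "group_add" and ev.detail in admin_groups:
            alerts.append((ev.user, f"added to administrative group '{ev.detail}'"))
        elif ev.kind in ("sudo", "su") and ev.user not in expected_admins:
            alerts.append((ev.user,
                           f"{ev.kind} by account outside the admin allowlist: {ev.detail}"))
    return alerts


def count_by_user(events):
    """Privileged operations per account, the baseline to watch for drift."""
    return dict(Counter(ev.user for ev in events))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("privileged operations per account:", count_by_user(evs))
    # Assumed allowlist: only alice is expected to use root on this host.
    for account, reason in find_anomalies(evs, expected_admins={"alice"}):
        print(f"ALERT {account}: {reason}")
```

On the sample input the detector reports three events, all for the same account: a sudo outside the allowlist, the self-addition to the sudo group that the sudo command performed, and the later su to root. Note that the second of those fires even if the account is on the allowlist; a group-membership change is the event that makes the allowlist stale, so it should always be reviewed.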
Much of what is in our document is, of course, not new, but recent events have highlighted it as important. Also, some things, while not truly new, may be new to organizations that are only now waking up to the needs of information security (or “cyber”, if you have to call it that). And, finally, some things, like OT and IoT security, are genuinely new.
- Security Planning Guide for 2015
- Security Planning Guide for 2014
- Security Planning Guide for 2013
- Security Planning Guide for 2012
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.