INDUSTRY INSIGHT
Is the inability to baseline systems crippling cybersecurity progress and oversight?
Having limited insight into an organization’s security posture debilitates decision-making at every level. Currently, government leaders must rely on what is available — namely, audit results — – to decide how to prioritize their defenses. Without the ability to actively measure and prioritize risk, defenders at an operational level don’t know where to focus. At an executive level, appropriations and policy decisions are delayed.
Baselining is an under-appreciated and not-well-implemented security control that enables more mature security organizations to achieve a higher level of security. Why are so few agencies doing it?
In many cases, an agency’s security program is developed around and within numerous constraints posed by legacy systems, organizational processes and the near-term pressures of achieving compliance. But these considerations, as important as they are, can cloud thinking when, in reality, a sound, holistic security strategy is needed as the starting point. Once…
