As the number and complexity of security threats continue to grow exponentially and the strike time continues to shorten, security organizations find themselves unable to scale their response using existing resources, processes, and tools. To overcome these challenges, the Chief Information Security Office (CISO) is adopting a "risk-based approach to security".
Risk-based security can be defined as having access to near real-time information that accurately describes the security and compliance posture of an organization, with drill-down capability to a single asset (e.g., system, application). The gathered information should include sufficient knowledge about threats, vulnerabilities, resources/assets, and the significance of the interactions between the three components.
This white paper provides insights into how to aggregate, assess, respond to, and report on threats, and consequently remediate based on the criticality of the associated risk to the business.