The Best Security Reacts Quickly to Change
I’m certainly not above lifting verbatim research that I believe is helpful to security and compliance practitioners. And the title of this post was lifted from Gartner’s John Pescatore’s post entitled “Who Moved My Soap – The Best Security Reacts Quickly to Change.” Now I could go forth with all sorts of don’t drop the soap in DisneyWorld jokes, but that would obscure the real point, which is not about Pescatore’s hygienic preferences.
Security professionals are not driving the ship. The business folks are. So security folks that are resistant to the ebbs and flows of business will not be successful. We have to face the reality that we (as security professionals) need to adapt our defenses both to the actions of our adversaries, as well as the reality of our businesses. Budgets come and go, projects are re-scoped, and priorities change. That’s business. That’s life. Deal with it.
But you cannot adapt in a vacuum. In order to react quickly (which sounds very similar to my personal REACT FASTER mantra), an organization needs to understand what they are looking for. That means they need to be monitoring as much as they can, establishing what is “normal” in their environment and then watching for what is NOT normal. Things change all the time, but if you don’t know HOW they are changing, there is no way you’ll be able to understand WHY things have changed, and therefore you’ve got no shot to address the issue…before it’s too late.
Oh yeah, did I mention I’m a big fan of security monitoring?
