Is risk management philosophy as we know it good enough?
What does the current risk management philosophy tell us to do? Categorize all systems and assign each one a risk-level number. Then assign each an "important data" ranking number.
The following is an example using a number scale from 1 (low) to 5 (highest).
SystemA: risk number 5, important data 5
SystemB: risk number 2, important data 2
SystemC: risk number 4, important data 4
Risk management philosophy/strategy says that in a limited-resources environment we have to do what we can and focus on SystemA, since it is valued higher.
The problem is that in the 2014 risk environment SystemB will get hacked, and eventually SystemC will get hacked, and now that the criminals are in the network, we will get hacked in SystemA as well.
So what has risk management bought us? It has ensured that we got hacked, since we deliberately did not spend the time and resources in defending the whole network.
So from now on, defend it all and up your game, or just save all your money and get ready for the lawsuits.
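The pivot argument above can be put in numbers. The following is an added example, not part of the original post: it assumes an intruder can move from SystemB to SystemC to SystemA (the order described above) and re-ranks each system by the most important data reachable from it. The REACHABLE map and the function names are hypothetical.

```python
from collections import deque

# Rankings taken from the post (1 = low, 5 = highest).
SYSTEMS = {
    "SystemA": {"risk": 5, "data": 5},
    "SystemB": {"risk": 2, "data": 2},
    "SystemC": {"risk": 4, "data": 4},
}

# ASSUMPTION: which systems an intruder can move to next. The post gives only
# the order of compromise (B, then C, then A); the exact paths are constructed.
REACHABLE = {
    "SystemB": ["SystemC"],
    "SystemC": ["SystemA"],
    "SystemA": [],
}

def reachable_from(start, edges):
    """Every system an intruder on `start` can get to, including `start`."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, []):
            if nxt not in seen:  # also guards against cycles in the map
                seen.add(nxt)
                queue.append(nxt)
    return seen

def effective_data_ranking(systems, edges):
    """Highest data ranking exposed when each system is the first one breached."""
    return {
        name: max(systems[s]["data"] for s in reachable_from(name, edges))
        for name in systems
    }

def underrated(systems, edges):
    """Systems whose own ranking is lower than what their compromise exposes."""
    eff = effective_data_ranking(systems, edges)
    return sorted(n for n in systems if eff[n] > systems[n]["data"])

if __name__ == "__main__":
    eff = effective_data_ranking(SYSTEMS, REACHABLE)
    for name in sorted(SYSTEMS):
        print(f"{name}: ranked {SYSTEMS[name]['data']}, exposes up to {eff[name]}")
    print("Underrated:", underrated(SYSTEMS, REACHABLE))
```

With these assumed paths, every system carries an effective ranking of 5; only when the map has no paths between systems do the original per-system numbers hold.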
Oversitesentry Blog post discussing a new security environment