Just as people must keep up personal hygiene, organizations must maintain regular cyber hygiene for healthy outcomes. But it’s critical that they don’t neglect the tools and processes that mitigate cyber risk, the most serious threats to our security, says Bryan Ware in a piece for Network World.
Typically, the discussion around the need for risk management has focused on cyber hygiene and, ultimately, compliance. What we really need, Ware argues, is a holistic risk framework and a solid commitment to risk-based measurements in order to accurately understand and defend against the most serious cybersecurity threats facing our country.
Cyber hygiene, although valuable, doesn’t protect against more real risks, which often require something much more analytically sound and scientifically grounded. Such an approach should also ask important questions like “which threats are most likely to occur?” or “what are our greatest vulnerabilities?” Translating these into business terms is key, and measuring them so that risks and countermeasures can be prioritized is essential.