{"id":102978,"date":"2019-10-25T07:09:07","date_gmt":"2019-10-25T14:09:07","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=102978"},"modified":"2020-04-21T14:17:31","modified_gmt":"2020-04-21T21:17:31","slug":"cyber-canon-data-driven-computer-security-defense","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2019\/10\/cyber-canon-data-driven-computer-security-defense\/","title":{"rendered":"Cyber Canon Candidate Book Review: A Data-Driven Computer Security Defense: THE Computer Security Defense You Should Be Using"},"content":{"rendered":"<p><b>Cyber Canon Book Review:<\/b>\u00a0\u201cA Data-Driven Computer Security Defense: THE Computer Security Defense You Should Be Using,\u201d 2017, by Roger A. Grimes<\/p>\n<p><b>Book reviewed by:<\/b>\u00a0Paul Calatayud<\/p>\n<p><b>Bottom Line: <\/b><i><span style=\"font-weight: 400;\">I recommend this book for the Cybersecurity Canon Hall of Fame.<\/span><\/i><\/p>\n<p><b>Review: <\/b><\/p>\n<p><span style=\"font-weight: 400;\">This book is a must-read for all network defenders. First and foremost, the book is based on the author\u2019s real-world experiences as a cybersecurity consultant. It provides valuable insights into why companies of any size struggle to address their top risks.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Simply put, they don\u2019t know which risks are the most important, and often this means all findings, vulnerabilities and threats are treated equally. 
They employ too many security technologies and spread their employees\u2019 time thin, leaving defenders unable to handle real-world threats effectively.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you\u2019re looking for a new approach to disrupt and improve your cybersecurity program, this book is a must-read.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Companies struggle to implement cybersecurity operations and strategies that make a positive impact and make their security efforts more effective. Often, organizations learn their biggest security risks but fail to act on them in a timely manner. Network defenders spend time on too many top priorities or on pet projects coming from leadership.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you had one project you set out to accomplish this year, what would it be? How would you know you\u2019re addressing the top risks to the company? Modern cybersecurity programs need a data-driven approach to ensure focus on the most impactful initiatives. In some cases, this means stopping non-essential projects in order to make the greatest impact in your network defense program. It sounds difficult, but data can be your compass.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Security programs need to focus on ensuring they have the right technologies to generate the right level of data. There are several key elements of a data-driven cybersecurity approach:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Metrics \u2013 Data analysis efforts need to focus on your top impacts, but also on your top assets. 
Not all risks are equal.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Data Gaps \u2013 Do you have the right level of data to make the right decisions?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Data Management \u2013 Data is king, and as such it needs to be properly managed.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Threat Intelligence Needs a Goal \u2013 Focus on answering one question above all: What is the number one way I will be attacked?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Discernment \u2013 Some data is good, but other data can be bad.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Organizations struggle with prioritization. The result is that network defenders are spread thin and cannot give the proper time and focus to the most impactful, beneficial work. To make it worse, cyber leaders may change direction, or upper management may read something in the news and want that risk addressed. It\u2019s true that awareness of all potential risks is very important, but without prioritization, awareness can become a pitfall. In that example, the incident in the news had a major impact on the organization affected, but does that translate into the most critical risk and threat to <\/span><i><span style=\"font-weight: 400;\">your <\/span><\/i><span style=\"font-weight: 400;\">organization?\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The overall goal of a data-driven cyber program is that you no longer have to guess which risks are not worth working on and which deserve time and effort. 
It\u2019s about picking the most impactful, beneficial projects and outcomes, aligned to the data, in order to deliver a risk-driven, data-driven prioritization to your leadership, board and team.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The case for data is clear, but recognizing the value of data is only the first step in developing a cybersecurity program that can make data-driven decisions for your organization.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The biggest challenge lies with the data itself. Often, organizations have a lot of data, but data quality is not the same as data volume. If your security information and event management (SIEM) software generates millions of events a day, you have to ask how you can manage this. Before you act on data, you need to make sure the data you\u2019re collecting has the quality necessary to support decisions. You should:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Filter out data that is no longer necessary for action.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Look at threat intelligence data differently, making sure it addresses the goal of relevance to your company, not just a broader look at nation-state attackers.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Ultimately, with the right level of data, you are able to take a step back and look at all your assets, your data and the business\u2019s tolerance for risk. Then you can approach your board with the two or three projects that will address the real risks most likely to impact the business.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Stop what you are doing and take a different look at how you should be managing your cybersecurity program. 
You should be able to gather the data you need and formulate priorities and efforts based on that data. It\u2019s a great way to navigate the emotions, politics and conflicts that occur within any successful cybersecurity program. The way I like to put it: if you don\u2019t agree with me, you need to convince me otherwise, and you\u2019d better be able to create the data necessary to convince me I need to look at it in a different way. This book is a very real and practical way to help you get into the right frame of mind.\u00a0<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">We modeled the\u00a0<\/span><\/i><a href=\"https:\/\/cybercanon.paloaltonetworks.com\/\"><i><span style=\"font-weight: 400;\">Cybersecurity Canon<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">\u00a0after the Baseball or Rock &amp; Roll Hall of Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that.\u00a0Please write a review and nominate your favorite.\u00a0<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">The Cybersecurity Canon is a real thing for our community. We have designed it so that you can\u00a0<\/span><\/i><a href=\"https:\/\/cybercanon.paloaltonetworks.com\/nominate-a-book\/\"><i><span style=\"font-weight: 400;\">directly participate in the process<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">. Please do so! 
<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recommend \u201cA Data-Driven Computer Security Defense\u201d for the Cybersecurity Canon Hall of Fame.<\/p>\n","protected":false},"author":471,"featured_media":32398,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4521,6724],"tags":[4270,673,6786],"coauthors":[4989],"class_list":["post-102978","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-canon","category-points-of-view","tag-cybersecurity-canon-review","tag-security-operations-center","tag-threat-hunting"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/06\/cybersecuity-canon-blog-600x260.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/102978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/471"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=102978"}],"version-history":[{"count":3,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/102978\/revisions"}],"predecessor-version":[{"id":102981,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/102978\/revisions\/102981"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/32398"}],"wp:attachment":[
{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=102978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=102978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=102978"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=102978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}