Coping with Security Sensory Overload

Published On: May 26, 2017

Ed Snodgrass, CISO, Secure Digital Solutions

Like most in the security industry, I read extensively – both technical and non-technical information. It’s virtually impossible to keep up with everything, but it comes with the territory. Add to that the plethora of security-related data you receive from your enterprise tools and technologies, and it makes for a soul-crushing wave of data that must be processed, evaluated and potentially put into practice. How do we keep track of it all? And more importantly, how do we decide if it’s relevant to our mission?

Ideally, it would be fantastic to be able to instantly react and respond to everything out there, but it’s just not possible. Certain events and threats must be addressed immediately; however, the majority must be analyzed, and that takes time. While pinging my security teams for status every time I saw, heard or read something might give me some added measure of assurance, it wouldn’t make their lives very pleasant and we all know there’s a talent shortage out there. So rather than focusing on individual controls and countermeasures (unless the situation specifically warrants it), I find that it’s more effective to look at my security capabilities using critical process measurement and management and then assess the influx of information against that barometer.

Phishing, for example, represents a significant threat to the enterprise. This is well known, and the techniques used by bad actors continue to be refined. Analyzing every email that potentially makes it through the secure email gateway is a job for security pros, but isn’t a responsibility I pay forward to my business users. Analysis and adjustment happen first at the process level. What part of the process allowed this to happen? Was it technical? Procedural? Once it’s addressed, how will that change the process – a component of which, for example, is training and awareness? My users (for the most part) know to look at headers and naming conventions and use ‘if in doubt, throw it out’ as a rule of thumb. But if this is something new, I’ve got to incorporate that into every component of the process – from filtering to end-user training. Once that’s successfully completed, I’m able to measure the increased effectiveness of that process – showing upward (or downward) trending over time.

Obviously, it’s not that simple, but it gives me a basis from which to measure and manage the capabilities of my security organization and that can be used both to run operations day-to-day and communicate to the C-Suite and Board. Our leaders don’t expect to be briefed on every individual threat and piece of information out there, but they do expect me to ‘have things covered’ and be able to show evidence to back it up. I can’t do that unless I’m able to cope with the ever-present sensory overload.

TrustMAPP helps me do that.
