What’s in the CISO Toolbox?

Published On: April 20, 2017

What’s In the CISO Toolbox?

April 20th, 2017
Ed Snodgrass, CISO, Secure Digital Solutions

The number and type of cybersecurity tools has exploded.  It’s virtually impossible for a security executive to stay current on what’s available.  Because of this, rather than adopting new products, it’s common practice for companies to continue to leverage and update what’s in place or choose a large vendor that has a deep and varied set of technologies.  Both approaches have benefits.  But both approaches have potential pitfalls as well.  Continuing to adapt current tools and controls minimizes wholesale change and leverages familiarity, but may lead to passing up something that may significantly bolster your risk mitigation strategy.  On the other hand, partnering with a large portfolio vendor may provide broad functionality and smoother integration but may run the risk of having to mold your capabilities around the tool set instead of using the tool set to support and automate your capabilities.  It’s not uncommon for organizations to employ upwards of 50 security tools with as much as 50% of the functionality within those tools going unused.  How do you decide?

There are some good sources.  Reaching out to your trusted peer network is a good start.  We’re all battling the same challenges (on differing scales), and the feedback from and discussion with fellow security leaders goes a long way toward determining the enterprise viability of a particular technology that’s based on real-world experience ‘in the trenches’ versus a perfect-world pitch.   Information sharing entities are beneficial as well.  The various Information Sharing Analysis Centers (ISACs) provide an environment that fosters collaboration and best-practice across industries.

These (and other places) are great examples of gathering background information to help in making technology decisions but ultimately, you have to make the decisions based on what you need and what will work in your environment.   And technology is only as good as the processes it enhances and the objectives it accomplishes.  Get back to basics by analyzing, evaluating and improving the performance of your core processes, allowing you to determine where technology can provide the best enhancements.

We can show you where you need tools and how your resources should be applied.

TrustMAPP.com

Browse These Topics

Tags

2022 Cyber trends analyze your security data Assess Company's Security Readiness automate and visualize information security risk management better understanding of their information security management boost the confidence of board members company’s Internet security corporation’s information security create a security roadmap cyber attack Cyber defense experts Data Security Tactics determining cyber risks developing security programs across the business Easy to Understand Data Security Solution effective cyber security software financial data stolen Good Cyber Hygiene guide development of a strong information security high quality cyber security tools house being robbed Information Security Best Practices information security dashboard information security management information security managers maintain advanced cyber security maintain a successful security roadmap maintain the control and strength of your firm’s cyber security manage security programs success prioritize potential threats prioritize security functions professional information security Progressive Data Security Solutions reduce cyber vulnerabilities reliable cyber security platform reliable information security dashboard responsibilities of a CISO stay ahead of cyber security threats stay ahead of potential cyber threats strengthening your company’s security measures strength of your company’s information security victim of a cyber security breach Visualization of Information Security Risk Management Visualize Information Security Risks visual representation of security risk in an organization