Security alerts are valuable beyond the Security Team (part 2)
In part one of this blog we identified that intelligence can be of interest to organizational groups beyond security; now let’s look at the benefits of sharing intelligence.
In contrast to traditional ‘security-as-an-island’ approaches, if we move the conversation from “block this, patch that” to something more meaningful to the business, and provide those other functional groups with insight into the state of the threat landscape, we can become more involved with the risk planning for our organizations and simultaneously enhance our “value.”
Now, let’s take this up a level. Assume, for instance, you are gathering security information about vulnerabilities and threats to your systems daily and want to provide an abstract to the various departmental leaders about what actions you have initiated, and why they are important. A simple regular summary of the threats and vulnerabilities that affected your systems and how you responded not only shows the value of the security team, but also can start conversations that enable you to work more closely with the group leaders to help them test their new applications, provide insight into the direction they are taking their web presence, and, importantly, involve you in the risk management conversation. When security is part of that conversation, the business makes more informed choices about what directions they want to take their offerings. They begin to understand the risk associated, and will add that into their risk vs. reward model.
In the end it really amounts to enhanced protection for the enterprise due to transparency and shared intelligence amongst teams. It also doesn’t hurt showing that the good work we do every day is important because often times we only get called out for good when we put out a fire, not when we’ve done everything right and there is no fire started in the first place.