Threat modeling allows an organization to assess the threat landscape.
With organizations globally focused on making the most of digital transformation, it’s important for them to place as much emphasis on cybersecurity.
That’s according to Herjavec Group‘s latest Cyber Conversations for the C-Suite Report. Robert Herjavec, Herjavec founder and CEO, and Shark Tank star, surveyed his executive team on how context-based identity programs, industry-specific threat modeling and security orchestration, automation and response (SOAR) tools play a pivotal role in securing digital transformations.
Adam Crawford, vice president of managed services at Herjavec, tells us the report points to challenges and opportunities for MSSPs and other cybersecurity providers in that enterprises are moving very fast to incorporate tools and technologies for both internal and customer audiences, and in most cases security teams are left to catch up to these business requirements, he said.
The three top conversations security professionals should be having are around identity, threat modeling and SOAR, he said.
“Threat modeling allows an organization to assess the threat landscape and understand how threat actors would target their organization, allowing them to understand the security controls in place to detect or respond to potential tactics employed by threat actors,” Crawford said. “Organizations can measure their ability to detect and respond to identified threat vectors, and how effective their employed controls are to manage the risk.”
SOAR can assist in automating some of the manual work performed by security operations personnel, allowing an increased mean time to detect (MTTD) in respect to a potential incident, he said. In addition, the orchestration functionality of SOAR allows for integrated access to the security controls used to protect the organization and potential automatic configuration of the security control in respect to execution of a specific playbook.
In addition, it’s important to build a context-aware security program that focuses on the identity of the user accessing the data, according to Herjavec.
The most common mistakes made by organizations when adopting a digital transformation strategy are not including the security group during the inception of the project and having them as an important stakeholder throughout the life cycle of the project, Crawford said. Usually the competitive demands and rush to get to market result in the security group being an afterthought in the digital-transformation process, he said.
Herjavec recommends having three key conversations with your executive team this year in order to prepare for the inevitable digital transformations facing your enterprise:
“Digital transformation isn’t new, and it certainly isn’t bad,” Herjavec said. “It’s important to understand that as enterprises embrace digital transformation, their security measures must evolve in response. The CIOs and CISOs I meet daily are challenged to manage the risk associated with these digital transformation efforts.”
The Path to Business Transformation
White Hat Capital Partners: MobileIron Has ‘Bright Future’ Without Ivanti
Pryfogle Leaves Pax8, Starts New CX Business
Election 2020: 9 Ways Cybercriminals Are Trying to Steal Your Vote
Juniper Networks to Buy 128 Technology for AI-Driven WAN
Digital Transformation: Why There’s No Going Back
SMB Cybersecurity Still Lacking Due to Misperception About Attacks
Cybersecurity Toolkit: ISAO Analyses and Threat Intelligence Feeds
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.