Newer regulations and industry standards now mandate a
risk-based approach to security, forcing many organizations to transition
from a compliance checkbox-driven approach to a more proactive, risk-based view
of security. Risk is made up of many
factors such as compliance posture, threats, vulnerabilities, reachability, and
business criticality. For many years,
businesses have focused on achieving compliance or taking preventive measures to
strengthen their security posture due to endless data breaches. When an organization is focused on strengthening
its compliance posture to pass an audit, it usually looks at control failures
and gaps to try to mitigate them.
On the road to risk management, a variety of factors must be
taken into account to derive a holistic view and ensure the efficient alignment
of resources for remediation actions. In
mid-sized organizations, dozens of regulations mandate thousands
of controls that have to deal with hundreds of pages of security findings that
range from vulnerabilities and threats to incidents. New big data risk
management technology is emerging that helps not only to aggregate compliance, threat, and
vulnerability data but, more importantly, correlates these data feeds with their
business risk to the organization.