Название: Evidence-Based Security
Автор: Christopher Frenz, Jonathan Reiber
Издательство: O’Reilly Media, Inc.
Год: 2023-05-12
Язык: английский
Формат: pdf, epub, mobi
Размер: 10.1 MB

When it comes to cybersecurity, it has become more than evident in the past few decades that we, as a society, are in a perpetual arms race, which often makes it hard to discern if we could ever “win.” All too often, organizations deploy costly security controls to defend their environments from cybersecurity threats, not knowing whether these controls are in fact effective or measure their ability to provide defense. Looking at annual reports from analyst firms and market researchers, we see that security spending has been growing exponentially, but organizations don’t have enough to show for it. Security leaders called on to justify their spending and demonstrate their success in mitigating risk often struggle to do so, leaving their jobs within four years on average,1 many times due to burnout or in the aftermath of data breaches and other attacks. These factors together point to a need to manage security in a way that can be more structured and measurable. Companies should be able to justify costs and expectations and, through this effort, truly bolster security from the inside out.

This report gives an overview of evidence-based security. It covers a hands-on framework that allows security professionals to make data-informed decisions about the people, technology, and processes that underpin the effectivity of their organizational security programs.

In this report, Christopher Frenz and Jonathan Reiber show CISOs, security directors, and security managers how to transform security from an artform to a science, with evidence-based solutions leading the way. You'll learn how to operationalize the MITRE ATTU&CK framework and enable your team to produce actionable results and meaningful metrics, and measurably improve your security posture.

With this report, you'll learn:

Why more security doesn't always provide more protection, and why compliance alone cannot guarantee security
Ways to justify security spend through proven results
How to use an evidence-based security framework, mapping TTPs with the MITRE ATT&CK knowledge base
The advantages of automating breach and attack simulations, especially as a tool for continuous validation
Evidence-based security metrics that matter, including actionable KPIs for different stakeholders in your organization

Contents:





ОТСУТСТВУЕТ ССЫЛКА/ НЕ РАБОЧАЯ ССЫЛКА ЕСТЬ РЕШЕНИЕ, ПИШИМ СЮДА!