One Article Review
| Source |  taosecurity |
|---|---|
| Identifiant | 2007124 |
| Date de publication | 2020-10-31 16:11:10 (vue: 2020-10-31 20:13:37) |
| Titre | Security and the One Percent: A Thought Exercise in Estimation and Consequences |
| Texte | There's a good chance that if you're reading this post, you're the member of an exclusive club. I call it the security one percent, or the security 1%. This is shorthand for the assortment of people and organizations who have the personnel, processes, technology, and support to implement somewhat robust digital security programs, especially those with the detection and response capabilities and not just planning and resistance/"prevention" functions. Introduction This post will estimate the size of the security 1% in the United States. It will then briefly explain how the security strategies of the 1% might be irrelevant at best or damaging at worse to the 99%.A First Cut with FIRSTIt's difficult to measure the size of the security 1%, but not impossible. My goal is to ascertain the correct orders of magnitude. One method is to review entities who are members of the Forum of Incident Response and Security Teams, or FIRST. FIRST is an organization to which high-performing computer incident response teams (CIRTs) may apply once their processes and data handling meet standards set by FIRST. I learned of FIRST when the AFCERT was a member in the late 1990s. I also assisted with FIRST duties when Foundstone was a member in the early 2000s. I helped or sponsored membership when I worked at General Electric in the 2000s and Mandiant in the 2010s. I encourage all capable security teams to join FIRST.Being a FIRST member means having a certain degree of incident response and data handling capability, and it signals to the world and to other FIRST teams that the member entity is serious about incident detection and response.As of the writing of this post, there are 540 FIRST teams worldwide. Slightly more than 100 of them are based in the United States. To put that in perspective, there are less than 4,000 publicly traded companies in the US. That means that even if every single US FIRST member represented a publicly traded company -- and that is not the case -- FIRST representation for US publicly traded companies is only 2.5%. Beyond FIRSTSome of you might claim FIRST membership is no big deal. My current employer, Corelight, isn't a member, you might say. Perhaps you could argue that for every US FIRST member, there are 9 others which have equivalent or better security teams. That would increase the cadre of entities with respectable detection and response capabilities from 100 to 1,000. That would still mean an estimate that says 75% of publicly traded US companies have sub-par or non-existent security programs.Remember that we've only been talking about a population of 4,000 publicly traded US companies. The US Small Business and Entrepreneurship Council estimates that there were 5.6 million employer firms in the United States in 2016. Let's sadly reduce that to 4 million to account for the devastation of Covid. |
| Envoyé | Oui |
| Condensat | the beyond i if introduction this one perhaps rather speaking that the these to 000 100 190 1990s 2000s 2003 2010s 2016 2019 2020 2021 249 400 401 462 500 540 644 900 ability about accenture account accrue actions activities actual actually add advantage advise afcert affect again air all almost already also american among analogy: and/or annual another answer any apply appreciate appropriately are argue around ascertain assets assisted assortment assume assumed attacks audiences away back based beating became because been being bejtlich beliefs believe benefits best better big bitglass blog blogspot blue brief:i briefly business businesses but cadre call can cannot capabilities capability capable case certain certified cfp challenge chance check: child cirts ciso claim classes club college com come community companies company compile compromise computer concerns conclusionreaders consequence consequences conservative contributed conversations copyright corelight correct could council councillet count countermeasures covid crazy creates curious current cut cyber damaging data dbir deal decent defend defending degree denominator designation detect detection determining devastation developing difficult digital diluted discussions doing dollars dominance due during duties early earn easy either electric elite employ employer encourage end ends entities entity entrepreneurship equip equivalent especially essentially estimate estimates estimation etc even ever every example exclusive executives exercise existence existent explain exploitation featured feel finance financei financial firms first firstit firstsome focus foes force forms fortune forum found foundstone free from functions future gatherings general generous give global goal good google gotten group grouping had handling has have having help helped here high highest history hopefully how however idea implement implemented impossible incident included increase incredible indicators innovators insights intelligence intruders iocs irrelevance irrelevant isn job join just know late later leaders learned least leaves less let level leverage light like likely list lists little lockheed look lot low lower magnitude mailing make makes manage mandiant many martin may mean meaning means measure meet member members membership message method methods might million mindshare money moneyland more most move name nature need neither non nor not nothing now number numbers obviously offers once one only options order orders organization organizations original other others out outlook overseas par part penetration people percent percent: percentso percentwhat performing person personal personnel perspective pests philosophical pillage place planned planner planning point pool poor population post practitioners prepare preserved prevention preying private probably problem processes program programs propose provided providing publication publicly pursuit put pwc qualify ratio reading reality realize really recognize red reduce reduced reduction remember report report4 reporting reportremember represent representation represented requires resilience resist resistance/ respectable respond respondent responding response responses retirement review rich richard right robust roughly rudimentary sadly same sanity save saved savings say says 75 second secured security see sense sensitive separate serious set shorthand signals simply simulated single situation size sized slightly small someone somewhat specialized sponsored stand standards state states statistic statistics:1 statisticsto status step stock strategies stretched struggle sub such summary3 support survey tactics take taking talking taosecurity taxes team teams technology terrible testing than that that 38 them them: themselves then there these think third those thought threat through throughout toe too tools total traded trust tuition twitter ultimately united use used vehicle verizon very victims want way web webinars well what whate |
| Tags | Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.