Security does not end with Implementing Controls

This article has been indexed from (ISC)² Blog

In cybersecurity, threat actors are relentless. To keep systems safe, we need a process of controls to oversee the entire chronology of a potential attack scenario – protection before an attack happens, effective mitigation and correction during an attack, and recovery afterwards. The tools of defense are vital, but not enough. Organizations need to decide how to deploy these tools, how much to spend, how to train people, and how to ensure they maintain compliance with industry standards and governance/risk (GRC) requirements. Security controls must be organized and described in a way that non-IT people – employees and executives alike…

Read the original article: Security does not end with Implementing Controls

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!