Intelligent CIO Europe Issue 4 - Page 98

t cht lk “ MEASURES MUST BE TAKEN TO ENSURE THAT THE DATA BEING USED IS OF THE HIGHEST QUALITY SO THAT THE DISCUSSION CAN MOVE ON FROM THE QUALITY OF DATA TO THE RISKS THAT NEED TO BE ADDRESSED. now being evaluated on how well I could reduce IT risk from security, measure that reduction and sustain it. needed to do in order to fulfil this: access to the right information at the right time, trust in the data I was using and automate as much of the process as possible. Before delving into how we might approach measuring and sustaining risk reduction, it might be useful to compare the past. Getting the right information If we go back, say 20 years, what were the key security risks/threats we were dealing with? I suspect most of us would have answered: patching, vulnerabilities, too much access and the like. In other words, doing the basics of security (i.e. enterprise cyber hygiene) well. And if we asked the same questions today, or looked at the root cause of most breaches today, many of us would answer the same way. Getting to the right information was a big hurdle. For each security area I focused on, I had to consolidate all of the relevant data. That sounds easy but has proven to be much more difficult than anticipated. Bringing data together from disparate security and other tools and unifying/ normalising that data is not easy and can be very t R67V֖r6VVFV@FV6RFRFFvFƖRb'W6W70FWF2vVw&7&F6ƗGFFP6WF2F2v2גf'7B&WfVF6Bǐf7W2FRWvW7B&6&VBGf6V@F&VBFBv2WBFW&RVVFVBFf7W0FR&672b6V7W&GFV&RגFVЧFfRVVvFRFvWBFFRFW7@F&VG26F2'F6R2B&WBFRFW7@Gf6VBF&VBN( 2&WBFR&672࣓DTĔtTD4𤦖FvvWGBU2f6R&W6FVBB44B6VW WrFBF&V6RFW&44BVFW'7FBFR67FB&62א&v6FvVBVVBF&R&RFG&6BF"ג7FFRBvfVFRFW&RvW&RBV7BF&VRFw2FVvBbvR&RFR'VFVBFV662vBFfBvBBFvRW7BfPFR&vBf&FF&&F6RFPf&FN( 2B&WBfrWfW'Fr'WBfrFR&vBFw2FB7B&VGV6P&6f"FRF"VBwwrFVƖvVF66