Gartner: 2018 Planning Guide for Security and Risk Management
Our team has just released our annual security planning guide: “2018 Planning Guide for Security and Risk Management.” Every Gartner GTP customer should go and read it (in fact, the above link requires just such a subscription…)
The abstract states: “Although security has been a major challenge for digital business for many years, recent events mark a shift in security incident and compliance trends. This shift will require technical professionals to practice strong planning and execution of information security initiatives for 2018.”
Here are a few quotes (admittedly, they do not do this broad doc any justice):
- “Despite the strong enterprise focus on malware protection, recent ransomware incidents have caused significant business impacts, partly because enterprises have concentrated on data breaches, not sabotage. These incidents also reflect continued weakness in security hygiene.”
- “The number of security regulations is also rapidly increasing, mostly in the form of geography- or industry-specific compliance mandates related to protecting PII. But, none have as much potential impact as GDPR, which is front of mind for many organizations. […] Some organizations are even hesitant to invest in new security initiatives because of this uncertainty.”
- “Stay the course with a pragmatic approach to cybersecurity technology and practices. Avoid making radical changes just because of uncertainty from emerging compliance mandates and current attacks. Understand the minimum required security baseline, and supplement it with controls that are known to be effective against a wide range of threats and attacks.”
Much of the stuff in our planning document is, of course, not new, but has been eternally challenging. So, perhaps some of you would be offended that we say “do OLD stuff better” vs “do NEW stuff” a lot.
Read the entire article here, 2018 Planning Guide for Security and Risk Management
Via the fine folks at Gartner.