Organizations have been forced – practically overnight – to contend with remote workforce business models, expanding attack surfaces, and the growing complexity of cyber-attack techniques.
As CISOs, we need to turn the dial away from investing in point prevention solutions and trying to articulate their value afterwards, and toward identifying the business risks we need to mitigate first and then focusing on the primary attack scenarios that could cause those risks to materialize.
Defending against an ever-changing threat landscape requires organizations to leverage an Agile detection and response framework as a preventative control, while also using readily available tools like MITRE ATT&CK, NIST, and others.
While cyber threats are growing, the skills gap is getting worse, yet the average cyber-security budget is staying the same. So, how do organizations do more with less?
What You Will Learn About
· Demonstrating security KPIs instead of SLAs
· Using the MITRE ATT&CK framework to improve cyber defense
· Assessing your security portfolio from a risk perspective
· Developing a use case factory that allows you to optimize detection & response
· Implementing a hybrid model that improves flexibility in resource allocation
· Applying an Agile methodology to stay ahead in a changing threat landscape