Anything of value within the company will have tend to be on the move. Money, information and the goods all move in various directions which makes it hard to keep an eye on them and also makes them vulnerable to attacks.
This is a security nightmare as this movement is usually paired with routine. Something moving is easy to get/hit/grab/steal/change as it has lost many advantages realted to stability. Something moving within a pattern and at regular intervals can be a dream for anyone with questionable motives.
Trying to constanly monitor moves and trying to find alternative routes is hard unless the good has a certain value for example a gold mining operation in Russia constantly changes its shipment method between land, rail, sea and air because they can afford it. As we don’t have unlimited ressources we will have to accept certain risks and things moving in a pattern might just be one of them. The least we have to do then is to be aware of the things that move, their values (for us and for the bad guys), when they are most vulnerable, etc…
Because it came up: things don’t always have the same value for us and for others. Your customer list can be taken for granted by your Sales Team and yet be a very valuable asset fort he competitor’s salesman.
Back to prioritization then, what moves and what’s it worth? You will see that even by doing this part of the work you will find movements and exposures you don’t really need thus avoiding the risk related to them altogether.
Subscribe to:
Post Comments (Atom)
MITRE ATT&CK Gerçek Hayatta Ne İşimize Yarar?
Rusya kaynaklı siber saldırılar webinarı sırasında üzerinde durduğum önemli bir çalışma vardı. MITRE ATT&CK matrisini ele alıp hangi...
-
Elektromanyetik sinyal yayan cihazların güvenliğinin sağlanması için geliştirilmiş bir standarttır. “Telecommunications Electronics Mater...
-
Bilgi güvenliği konusunda proaktif bir yaklaşım oluşturabilmek için düşmanı doğru tanımak çok önemlidir. Zafiyet yönetimi programı oluşturm...
-
APT İngilizcesi Advanced Persistent Threat olan ülkemizde ise “gelişmiş sürekli tehdit” veya “hedef odaklı saldırı” olarak iki farklı şekil...
No comments:
Post a Comment