A Risk Management Approach to Information Security

Previous: Securing Your Data at Cloud Scale
Information security is no longer an IT problem. It's a risk management problem.
Writer Danny R.
May 30, 2015

Danny is one of the founders of Terbium and is known around the office for his extended soliloquies and pontifications about the security industry. He blogs about global trends and the importance of knowing where one's data is on the dark web.

It’s not a matter of if, but a matter of when. In fact, when discussing data breaches, it’s not a matter of when will it happen, but a matter of when did it happen. We started Terbium with the thesis that defense, while still necessary, is no longer sufficient. In today’s insecure digital world, your organization’s critical data will always be at risk, whether from a sophisticated outside actor or inside threat. That’s why modern organizations are shifting their information security focus from prevention to risk management.

One example of this shift has been the evolution of the Chief Information Security Officer’s role within an organization. Traditionally, the CISO position was an information technology one that focused on procuring and deploying defensive IT products on an organization’s network. However, more and more the CISO is moving into the risk management part of the organization, focusing as much on planning, remediation, training, and insuring as he or she is on technology and prevention. Planning for the eventual data breach is crucial in today’s environment, and being able to execute that plan as quickly as possible after a breach occurs is the key to mitigating damage.

It’s to this end that Matchlight Data Intelligence becomes a key part of any information security posture. Matchlight alerts organizations to the presence of their data on the internet immediately and automatically, with a particular focus on the dark web. With Matchlight, organizations can discover breaches within minutes rather than months, and initiate their remediation plans before any further damage can occur.

industry September 19, 2019
BREAKING: Scotiabank Leak, Potentially Devastating, Completely Preventable

Early this morning news began to break that GitHub repositories containing application source code, private login keys, and more sensitive information had been discovered online, belonging to The Bank of Nova Scotia, the 3rd...

industry September 06, 2019
Bribes, Bad Movies, and Le Cybergendames - The Month of August in 5 Articles

Each Month Terbium Labs’ Research Team curates news and information from the corners of the internet just for you! Articles, research, infographics, and more related to infosecurity, cybercrime, payment card fraud, automation, and other...