A Risk Management Approach to Information Security

Previous: Securing Your Data at Cloud Scale
Information security is no longer an IT problem. It's a risk management problem.
Writer Danny R.
May 30, 2015

Danny is one of the founders of Terbium and is known around the office for his extended soliloquies and pontifications about the security industry. He blogs about global trends and the importance of knowing where one's data is on the dark web.

It’s not a matter of if, but a matter of when. In fact, when discussing data breaches, it’s not a matter of when will it happen, but a matter of when did it happen. We started Terbium with the thesis that defense, while still necessary, is no longer sufficient. In today’s insecure digital world, your organization’s critical data will always be at risk, whether from a sophisticated outside actor or inside threat. That’s why modern organizations are shifting their information security focus from prevention to risk management.

One example of this shift has been the evolution of the Chief Information Security Officer’s role within an organization. Traditionally, the CISO position was an information technology one that focused on procuring and deploying defensive IT products on an organization’s network. However, more and more the CISO is moving into the risk management part of the organization, focusing as much on planning, remediation, training, and insuring as he or she is on technology and prevention. Planning for the eventual data breach is crucial in today’s environment, and being able to execute that plan as quickly as possible after a breach occurs is the key to mitigating damage.

It’s to this end that Matchlight Data Intelligence becomes a key part of any information security posture. Matchlight alerts organizations to the presence of their data on the internet immediately and automatically, with a particular focus on the dark web. With Matchlight, organizations can discover breaches within minutes rather than months, and initiate their remediation plans before any further damage can occur.

industry July 12, 2019
Scrapers, Ransomware, and ID Checks - Oh My! The Month of June in 5 Articles

Each Month Terbium Labs’ Research Team curates news and information from the corners of the internet just for you! Articles, research, infographics, and more related to infosecurity, cybercrime, payment card fraud, automation, and other...

industry July 11, 2019
The King is Dead, Long Live Decentralized Markets?

In this post, we will look at the takedown of Deep Dot Web, the potential rise of decentralized marketplaces, and the threat they pose to your information security. We will also discuss the impact...