A Risk Management Approach to Information Security

Information security is no longer an IT problem. It's a risk management problem.
Writer Danny R.
May 30, 2015

Danny is one of the founders of Terbium and is known around the office for his extended soliloquies and pontifications about the security industry. He blogs about global trends and the importance of knowing where one's data is on the dark web.

It’s not a matter of if, but a matter of when. In fact, when discussing data breaches, it’s not a matter of when it will happen, but of when it did happen. We started Terbium with the thesis that defense, while still necessary, is no longer sufficient. In today’s insecure digital world, your organization’s critical data will always be at risk, whether from a sophisticated outside actor or an insider threat. That’s why modern organizations are shifting their information security focus from prevention to risk management.

One example of this shift has been the evolution of the Chief Information Security Officer’s role within an organization. Traditionally, the CISO position was an information technology one that focused on procuring and deploying defensive IT products on an organization’s network. However, more and more the CISO is moving into the risk management part of the organization, focusing as much on planning, remediation, training, and insuring as he or she is on technology and prevention. Planning for the eventual data breach is crucial in today’s environment, and being able to execute that plan as quickly as possible after a breach occurs is the key to mitigating damage.

It’s to this end that Matchlight Data Intelligence becomes a key part of any information security posture. Matchlight alerts organizations to the presence of their data on the internet immediately and automatically, with a particular focus on the dark web. With Matchlight, organizations can discover breaches within minutes rather than months, and initiate their remediation plans before any further damage can occur.
