Chapter 21

Define Your Strategy


To create a security program, you need to begin by defining your governance strategy. You need to review your governance and see if it is complete and followed. From there, you need to understand your security posture and see where it differs from the ideal. A review of past incidents also points you to areas that require improvement. You also need to define the information that requires protection. You might also want to perform threat hunting and penetration tests to determine other vulnerabilities to exploit.


Assessment; Governance; Incident response; Investigations; Penetration testing; Threat hunting; Strategy
We want to clearly say that we realize that defining a strategy is not a simple task. ...

Get Advanced Persistent Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.