Conclusion: Moving Toward Measurably Better Security
Organizations now understand that cyberattacks target organizations of every type, size and geography, and that they need to protect themselves effectively. Organizations that have run a risk assessment program and drafted a business impact analysis likely already know the potential impact of cyber-related disruptions on their business; what they don't always know is how well they are keeping those risks at bay. The remaining challenge for CISOs and their C-suite peers is measuring how effectively their security programs reduce risk and what the return on that investment is.
In many cases, organizations that want to show proof of reduced risk take a checkbox approach to assessing their resiliency. They rely on complying with regulatory requirements or compliance schemes that set the baseline for being "secure enough" and do little more unless they "have to." This approach only works for so long, and often it is only after those organizations are breached that investment in a proper security program receives support and funding. Compliance is not a practical guide to building a security strategy, so on its own it can never be adequate. Moreover, threats vary between industries and keep evolving over time, which requires organizations to evolve the way they treat risk as well. The better way forward is to move from compliance-driven risk management to data-driven risk management.
Moving to data-driven ...