Assess the Risk to your business and establish if your technical controls are appropriate.
FOCUS ON THE REAL ISSUES
Formalized risk assessment is often out of reach of many small and medium enterprises. Using techniques based on industry standard research and practice that use evaluation of value, real threats, and potential loss provide information for the executive to make educated decisions. This is most effective as an ongoing process however a scoped targeted analysis for specific business goals demonstrates mature business governance.
Technical Security toolsets are often complex with large volumes of data. With a constantly changing threat environment each of the tools need care and feeding. It can be easy to have great security visibility in one area blind spots in others. Does the firewall policy make sense? Do you need better log capture from your mail system to correlate with use web surfing activity? Is there a new online service that poses real gains to your business but unknowingly also poses an existential threat to your business? Providing your team with a second set of eyes to collaborate on ‘securing to enable’ your business is a win for all.