It’s a normal day and you’re carrying on with business as usual, when suddenly you get a dreaded call from law enforcement: your organization has been compromised. All this time you felt you were secure. What went wrong?
These days breaches are inevitable and experiencing this type of scenario is not uncommon. Organizations are in a tough spot. With various priorities competing for budget and resources, security leaders are left to ponder an important and challenging question: How secure do we want to be?
In our report, “How Secure Do You Want to Be? Evaluating and Evolving Your Security Program,” we explore how much risk an organization is willing to stomach and look closely at the different categories that organizations fall into when it comes to their security posture.
Using real-world examples, we dive into ten areas of your security program to evaluate when determining how secure you want to be, including:
- Governance, compliance and organization
- Data protection
- Security risk management
- Identity and access management
- Incident response
- Third-party and vendor management
- Host and endpoint protection
- Application, database and mobile protection
- Network, cloud and data center
- Security awareness training
Properly gathering and analyzing the information in these ten areas is a lengthy endeavor that can take as many as six weeks, so it’s not a bad idea to engage the help of a third-party consultant to perform a security program assessment.
The Mandiant Security Program Assessment draws on technical and investigative skills developed over the course of hundreds of thousands of hours on the front lines. Mandiant has a front-row seat to security programs that attackers have evaded, which provides a unique perspective when advising organizations on how to evolve their own programs.