How to Build the Most Effective Cyber-Security Capability You Can Afford?

The challenge of cyber-security is as much economic as it is technological. The fact is that, no matter the size of a company, no amount of spending will provide complete safety. The crucial questions for Google, Facebook, IBM or your company are the same:


  • What assets are we trying to protect?
  • How much can we afford to spend protecting them?
  • How do we spend that money so that we get the most security possible?

This CITO Research Narrative will explain the journey that CIOs and CSOs must lead their companies through to understand security and make the best investments. We define the journey as the following stages, which form a cycle of security analysis that should be carried out constantly:


  • Assessing your assets
  • Designing your security philosophy and policy
  • Choosing security technology
  • Creating a security operations team
  • Implementing security technology and practices
  • Tuning and optimizing your security capabilities

Assessing your assets


  • It is vital to understand what the bad guys will be after and protect that more than other assets that are less valuable.

Designing your security philosophy and policy


  • What risks are you willing to accept?
  • What attacks do you want to discourage and make difficult?
  • What attacks must be prevented with all possible means of protection?

Choosing security technology


  • What technology helps you implement each policy according to your philosophy?

Creating a security operations team


  • How will you staff your security operations team?
  • What skills must you have in-house?
  • What role can consultants and vendors play?

Implementing security technology and practices


  • How can you improve the process discipline required for security?
  • How can security be made usable?
  • When is onerous security justified?

Tuning and optimizing your security capabilities


  • How are false positives used to improve the tuning of your capabilities?
  • How do you look for false negatives?
  • How do you evaluate new technology?
