In many cases, the best advice for security experts from channel partners or within customer organizations is to begin with a relatively small-scale discussion, which helps to prevent key stakeholders from disengaging. “Cost is often used as the primary metric, but cost is merely an indicator,” explained TripWire's Melancon. “You can't specifically say that if you double your investment, risk will go down. Nor can you say risk will go up if you cut it in half. We’re trying to get people to adopt a risk framework that enables them to analyze the framework using metrics that are trendable and trackable and things that lead to things they can do directly.”
Examples include process adherence, configuration quality, employee training, effective collaboration among different organizational groups and ongoing monitoring of the company’s security footing.
“We see the most effective results when there are cross-functional steering committees where people have good discussions about the magnitude of risk from an IT perspective, from the hiring perspective, from the legal perspective, etc.,” Melancon said. “This helps the company get a handle on how effectively security investments are being made, and it doesn't become a situation of one part of the organization against the world.”
The channel’s role can lie in helping customers to assess those risks without the political bias or insular thinking that often obstructs effective strategic planning.
“If I were a partner, I would try to get a handle on how I can help organizations move more towards a risk-oriented strategy and implement some controls based on the highest risk,” Melancon summarized. “Then, help them develop a proper list of metrics, and be able to assess the levels of those metrics to know whether what they are doing is successful or not. If channel partners can help with that, I think they will be hugely important. Many people just don't know how to get started. If you had a risk management kick-start service, you could probably make a lot of money.”