TripWire Survey Suggests Customers Need More Help With Security

By Ken Presti
June 13, 2012 5:57 PM ET

Page 3 of 3

In many cases, the best advice for security experts from channel partners or within customer organizations is to begin with a relatively small-scale discussion, which helps to prevent key stakeholders from disengaging. “Cost is often used as the primary metric, but cost is merely an indicator,” explained TripWire's Melancon. “You can't specifically say that if you double your investment, risk will go down. Nor can you say risk will go up if you cut it in half. We’re trying to get people to adopt a risk framework that enables them to analyze the framework using metrics that are trendable and trackable and things that lead to things they can do directly.”

Examples include process adherence, configuration quality, employee training, effective collaboration among different organizational groups and ongoing monitoring of the company’s security footing.

“We see the most effective results when there are cross-functional steering committees where people have good discussions about the magnitude of risk from an IT perspective, from the hiring perspective, from the legal perspective, etc.,” Melancon said. “This helps the company get a handle on how effectively security investments are being made, and it doesn't become a situation of one part of the organization against the world.”

The channel’s role can lie in helping customers to assess those risks without the political bias or insular thinking that often obstructs effective strategic planning.

“If I were a partner, I would try to get a handle on how I can help organizations move more towards a risk-oriented strategy and implement some controls based on the highest risk," Melancon summarized. “Then, help them develop a proper list of metrics, and be able to assess the levels of those metrics to know whether what they are doing is successful or not. If channel partners can help with that, I think they will be hugely important. Many people just don't know how to get started. If you had a risk management kick-start service, you could probably make a lot of money.”

<< Previous | 1 | 2 | 3

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows