If you were to ask ten people randomly to define “security,” you would get at least ten different answers.
More than likely, none of those answers would be wrong. This disparity is primarily due to personal perspective and the sometimes abstract nature of security. To some, it is an organizational function, some consider it financial, and yet others consider it the men and women in uniform at the main lobby.
While those are all good answers, we see security as something a little different. Our practice views security as a framework that must constantly adapt to meet new requirements and evolving threats, while also maintaining a baseline level of effectiveness.
Often, we experience customer interactions where the organization wants to apply a minimum standard and consider the job done. The problem with this approach is it does not take into account evolving threats. Standards often serve as a baseline level of protection or a common application across many facilities or locations. Unfortunately, that is not enough in today’s environment. Tactics, techniques, and procedures used to defeat security are constantly evolving – standards written three years ago were based on threats from three years ago. A framework that focuses on the consistent application of baseline standards coupled with the ability to address evolving threats is essential. We know that adversaries overseas communicate in real time and are sharing their success and failures. If you are not constantly monitoring the threat environment and making changes, you are opening yourself up for negative consequences.
Are you prepared to adapt?