June 19, 2015
Not surprisingly, C-suite executives and board members alike are asking, “Are we at risk?”, “What are we doing to prevent this from happening to us?” and “How are we doing relative to others?”
But as information security professionals seek to review their readiness to protect data and respond to these questions, they are working in the dark, because there are no credible industry benchmarks for access risk based on relevant standards similar to those for network support and application development.
This is a serious matter because the root cause of most data breaches lies in a deficiency in access management. An organisation’s ability to deter or detect hackers and other foes can’t be improved by a new patch or control.
More disciplined and consistently applied access management is needed, but success depends on having a more credible measurement of performance relative to the norm for common access vulnerabilities.