HomeCyber BalkansRuthless Prioritization Is a Myth: Strive for Risk-Less Prioritization Instead

Ruthless Prioritization Is a Myth: Strive for Risk-Less Prioritization Instead

Published on

spot_img

Craig Burland, the Chief Information Security Officer (CISO) at Inversion6, discusses the challenges that companies face when trying to implement the concept of “ruthless prioritization” and proposes an alternative approach for cyber security professionals.

Burland starts by acknowledging the common mantra of “ruthless prioritization” that many companies emphasize in a world driven by technology and rapid change. The idea is to cut away the unnecessary and focus on the truly important in light of limited resources and time. However, he argues that many companies are ill-equipped to genuinely practice this level of prioritization, especially in the cyber security domain where mid-level managers are tasked with juggling numerous operational demands and finite resources.

He points out the illusion of “ruthless prioritization,” explaining that while it evokes images of decisive leaders making hard choices and sharing those decisions clearly, the reality often falls short. The process of deciding which projects are the most “critical” lacks discipline, data, and collaboration, leading to a chaotic mess of competing interests and tasks. This is particularly true in the cyber security realm, where mid-level managers find themselves overwhelmed with an array of operational demands, from patching vulnerabilities to implementing new security solutions.

Given these challenges, Burland proposes an alternative approach called “risk-less prioritization.” This method emphasizes understanding and reducing the most significant risks in cyber security rather than trying to decide which tasks or projects are more “important” in abstract terms. By prioritizing based on risk, cyber teams can focus their energy and resources where they will have the most substantial impact, aligning with the essence of cyber security – protecting critical assets from the most significant threats.

He outlines the key steps of risk-less prioritization, including regular risk assessment, quantifying impact, allocating resources based on potential impact, communicating decisions, and iterating and reviewing priorities as the threat landscape changes.

In conclusion, Burland acknowledges the challenges of implementing “ruthless prioritization” and emphasizes the need to shift the focus from a vague notion of “importance” to concrete risk reduction. He believes that risk-less prioritization provides a practical, impactful, and grounded approach, ensuring that cyber teams protect their organizations against the most significant threats first.

About the Author

Craig Burland is the CISO of Inversion6, bringing decades of industry experience to the company. He has led information security operations for a Fortune 200 Company and has been involved in various cyber security organizations. Burland can be reached on LinkedIn and at the Inversion6 company website.

In essence, Burland’s insights shed light on the challenges of prioritization in the cyber security domain and provide a practical alternative in the form of risk-less prioritization, ultimately aiming to protect organizations against cyber threats more effectively.

Source link

Latest articles

First fully agentic ransomware attack raises readiness concerns

Emerging Threat: The Role of AI in Cyberattacks In a landscape increasingly fraught with cyber...

White House Quantum Summit Unites Industry on Transition and Innovation

The recent quantum computing summit held at the White House marks a significant step...

Huntress Signs Giacom to Expand UK MSP Access to Managed Detection and Response

Huntress Expands Its Footprint Through Partnership with Giacom Huntress, a recognized leader in cybersecurity, has...

New Malicious Campaign Distributes Vidar Stealer and Monero Crypto Miner

In a concerning development within the realm of cyber threats, a new campaign has...

More like this

First fully agentic ransomware attack raises readiness concerns

Emerging Threat: The Role of AI in Cyberattacks In a landscape increasingly fraught with cyber...

White House Quantum Summit Unites Industry on Transition and Innovation

The recent quantum computing summit held at the White House marks a significant step...

Huntress Signs Giacom to Expand UK MSP Access to Managed Detection and Response

Huntress Expands Its Footprint Through Partnership with Giacom Huntress, a recognized leader in cybersecurity, has...