The exposure to a range of new cyberthreats is a growing issue for organizations. Security and risk management leaders should use this Strategic Roadmap to pivot from traditional technology vulnerability management to a broader, more dynamic continuous threat and exposure management practice.
Key Findings
■ The most valuable outputs of a continuous threat exposure management (CTEM) process are the recording and reporting of potential impact on risk reduction and the justification of organizational value.
■ Validating security threats through multiple mechanisms such as simulation, configuration assessment or formal testing is an effective way to reduce the response burden of discovered exposures.
■ Without broad business engagement, most exposure management functions (such as vulnerability assessment) cannot operate effectively. Early engagement with resolver teams and establishing a mobilization process are essential to success.
Gartner, Inc. | G00787028
Page 1 of 25
2024 Strategic Roadmap for Managing Threat Exposure
Published 8 November 2023 - ID G00787028 - 31 min read
By Analyst(s): Pete Shoard
Initiatives: Security Operations; Build and Optimize Cybersecurity Programs
The exposure to a range of new cyberthreats is a growing issue for organizations. Security and risk management leaders should use this Strategic Roadmap to pivot from traditional technology vulnerability management to a broader, more dynamic continuous threat and exposure management practice.
Overview
Key Findings
■ The most valuable outputs of a continuous threat exposure management (CTEM) process are the recording and reporting of potential impact to risk reduction and justification of organizational value.
■ Validation of security threats via a number of mechanisms, including simulation, configuration assessment or formal testing, is an effective way to reduce the response burden of discovering exposures.
■ Without widespread business engagement, most exposure management functions, such as vulnerability assessment, are unable to function effectively. Early engagement with resolver teams and the development of mobilization processes are essential to success.
Recommendations
Security and risk management leaders, especially CISOs, establishing or enhancing EM programs should:
■ Build exposure assessment scopes based on key business priorities and risks, taking into consideration the potential business impact of a compromise rather than primarily focusing on the severity of the threat alone.
■ Initiate a project to build cybersecurity validation techniques into EM processes by evaluating tools such as breach and attack simulation, attack path mapping and penetration testing automation products or services.
■ Engage with senior leadership to understand how exposure should be reported in a meaningful way by using existing risk assessments as an anchor for these discussions, and by creating consistent categorization for discoveries that are agreed with other departments in the organization.
■ Agree effective routes to resolution and prioritization characteristics before beginning to report newly discovered exposures by working with leaders of adjacent departments across the business in areas such as IT management, network operations, application development and human resources.
This research note is restricted to the personal use of chenlizhen@qianxin.com.
Strategic Planning Assumptions
Through 2028, validation of threat exposures by implementing or assessments with security controls deployed will be an accepted alternative to penetration testing requirements in regulatory frameworks.
Through 2026, more than 40% of organizations, including two-thirds of midsize enterprises, will rely on consolidated platforms or managed service providers to run cybersecurity validation assessments.
Introduction
Exposure management (EM) is a set of processes that gives enterprises the awareness to continually and consistently evaluate the visibility, accessibility and vulnerability of their digital assets. EM consists of both exposure assessment and cybersecurity validation. In many organizations, Gartner believes that EM will supersede the vulnerability management (VM) practices of today. Organizations that acknowledge the need to handle a broader range of exposures (such as those posed by modern application development and social media, beyond technology vulnerability) will refine their use of external and internal assessment tools, and expand to the use of continual assessment processes such as CTEM.
This research explores the evolution of the exposure management category over the next three to five years, identifying the inflection points that security and risk management leaders can leverage to reduce threat exposure risk and create better working relationships with adjacent teams for faster response to the most relevant and impactful potential threats.
Figure 1 offers an overview of this Strategic Roadmap. The guidance contained herein offers a comparison between a future state and the current state, identifying opportunities to evaluate technology and organizational changes and bridge the growing gaps that security teams are encountering in this domain. The migration plan recommends, in order of priority, the actions CISOs should take to achieve a modern approach to dealing with issues, from traditional vulnerabilities to more recent threat exposures.
Figure 1: Strategic Roadmap Overview for Exposure Management
Future State
Security leaders must set the vision across the business to help reduce risk by continuously managing exposure in newly adopted technology being used to enable modern business. To accomplish this goal, they must build on established processes for managing vulnerabilities and other digital risks to the organization via a program that will:
■ Address vulnerabilities and nonpatchable exposures in regard to a wider view of organizational risk, rather than identifying, cataloging and assigning risk to each individual organizational unit or technology type.
■ Affect mechanisms to validate discovered issues and identify ways to not simply remove point vulnerabilities with ad hoc remediation, but to also reduce or accept risks introduced by threat exposure.
■ Develop a set of outcome-driven, business-tuned metrics to deliver their findings in ways that senior leadership can use to make effective decisions without having to be security specialists.
■ Communicate with and involve all relevant business departments in the decisions and measurements used to classify, prioritize and mobilize discovered threat exposure.
Scope Specific Risks Based on Business Impact Priorities
Security plays a critical role in helping risk owners mitigate business risk. Cyber risk can impact business outcomes and directly affect the organization’s mission-critical priorities (MCPs). From the perspective of the organization’s business risk owner, it’s important to recognize that the security team’s role is to support risk management in such a way that the owner can make informed, data-driven decisions. Indeed, security must ensure that controls are aligned with the organization’s overall strategy and objectives, and provide clear rationale and prioritization for its objectives and activities. The second most important element for the CISO to consider in relation to risk is perception. Risk management is an individual approach in all risk domains, and cyber is no different. CISOs must prioritize risks that the organization perceives as the greatest alongside those that experience tells them are the most critical.
It’s crucial to scope risk in relation to threat exposure, as this is one of the key outputs that will benefit the wider business. To do so, senior leaders must understand the exposure facing the organization, in direct relation to the impact that an exploitation of said exposure would have. Together with this information, executives can make informed decisions to either remediate, mitigate or accept the perceived risks. Without impact context, the exposures may be addressed in isolation, leading to uncoordinated fixes relegated to individual departments, exacerbating the current problems associated with most vulnerability management programs. Being able to record and report on impact to risk reduction is an important business-facing output of a CTEM process.
To begin scoping, we must consider the effect the risk will have on MCPs as well as how it is perceived by the business. Building scopes that align with the priorities of the senior leadership is critical to success; to achieve this, CISOs must consider the following important questions:
■ What business-driven events will likely be important and have high impact/visibility in the short, medium and long term? Who are the owners of the associated business processes?
■ What are the most critical and exposed IT systems and enterprise IT subscriptions in relation to those business processes? Are all of those systems visible, and where are those systems?
■ Who are the system and service management owners of such IT systems and enterprise IT subscriptions, and who can effect change on those?
■ Who is ultimately accountable for risk decisions, and who is responsible for making the adjustments required?
These are question areas to consider before beginning any program and shouldn’t be impacted or biased by having done some initial device or technology discovery. Considering the answers to these questions without preconceptions will ensure that the scope of any CTEM cycle is fully adjusted to identify gaps in coverage. Furthermore, that coverage should not be limited to technologies the organization owns or controls, but extend into previously unconsidered areas such as:
■ Third-party applications and services — such as SaaS, supply chain dependencies and code repositories.
■ Authentication — both applications, third-party services and adjacent authentication solutions such as authentication keys for API-driven systems.
■ Consumer-grade services — social media/brand-impacting communications.
■ Leaked data — covering both data stored in deep/dark web forums and self-leaked data via employee actions, password reuse or poor information hygiene.
A CTEM program runs multiple scopes concurrently; scoping is a focus for reporting rather than the extent of the program’s reach (see Figure 2).