MANAGEMENT BY MEANINGFUL OBJECTIVE
The seemingly continuous disclosure of information security failures demonstrates the consequences of bad governance and bad management. Revered executive teams, boasting MBAs from our most prestigious Universities, brilliantly manage sales, operations, finance and human resources, only to ignore every management principle they have ever learned when they consider information security. The consequences can be catastrophic.
Why is information security governed so poorly? Peter Drucker famously said, “Management by objective works, if you know the objective.” “Good security” is not an objective. The problem is that security is a moving target. Leadership doesn’t know what to ask about, security professionals are faced with constantly evolving networks and threats, and IT staff are busy running the network. Information security is reduced from a business critical process to a line in the budget for leadership, a list of checkboxes and network scans for security professionals, and a nuisance for IT staff.
AristotleInsight allows for good governance and management principles to be applied to information security. The system provides the information necessary to determine specific security objectives, identify strategies to reach them, and ultimately measure success. It allows security professionals to use repeatable and measurable metrics to formalize their processes so IT security and risk can be managed. The key to a strong security posture is using a solution, like AristotleInsight, to achieve good governance, implement effective management, and realize improved security.
AristotleInsight is a big data security analytics solution implementing the UDAPE model. The solution collects, links, and organizes security data in order to establish baselines, conduct user behavior analysis, recognize anomalies, and detect advanced persistent threats.