Security in the Dark: Recognizing the Signs of Hidden Information
Briefly

"As humans, we don't always make the right decisions, of course. When we do, it's generally because we are basing those decisions on accurate data. Simply put, sound decisions require deducing the correct conclusions from an accurate data set. Further, the more complete the data set we are analyzing, the better chance we have of arriving at the right decision."
"When we look to properly assess, prioritize, and mitigate risk, we need the most accurate and complete data we can get. When we don't have that, we end up doing a lot of guesswork, and that can have disastrous consequences for the organization's security posture. In some cases, the necessary data might not be available. But in other cases, it is purposely being withheld and hidden from teams (including the security team) that need it."
"Dodging: When someone is not hiding anything and they are asked a straightforward question, they generally have no issue giving a straightforward answer. If, instead, the response to a straightforward question is extremely partial, overly complex, confusing, off-topic, winding, or otherwise, it is generally a sign that they are hiding something. Acting secretly: When someone is operating on the up and up, they generally operate openly and transparently."
Accurate and complete data are fundamental to making sound decisions and reaching correct conclusions. Security decision-making depends heavily on comprehensive, accurate data to assess, prioritize, and mitigate risk effectively. Lacking necessary data forces guesswork and can produce disastrous consequences for an organization's security posture. Some necessary data may be genuinely unavailable; in other cases, data are intentionally withheld or hidden from teams that need them. Common signs of withheld information include dodging straightforward questions with partial or confusing answers, secretive behavior via backchannels and closed-door conversations, and cutting access to information.
Read at SecurityWeek