Issue link: https://securitytechnologyexecutive.epubxp.com/i/431828
36 SECURITY TECHNOLOGY EXECUTIVE • November/December 2014 www.SecurityInfoWatch.com CONVERGENCE Q&A;: VENDOR-NEUTRAL POINT OF VIEW METRICS FOR SUCCESS: QUANTIFYING THE INSIDER THREAT every year, annual technology updates are no longer suffi- cient. Because vendor promotional materials rarely provide a cross-industry perspective, even though they are plentiful they can't suffice for general educational purposes. SIA Technology Insights This is where the value of SIA Technology Insights journals comes into play (www.securityindustry.org/techinsight). Two issues have been published to date, providing more than 100 pages of vendor-neutral information about securi- ty technologies that end-users can use to update their secu- rity technology thinking. Be warned in advance that the journal's visual presenta- tion rivals that of the best vendor promotional materials that I have seen — so don't let that sway you into regarding the content as any kind of hype or fluff. These articles are not stories about product features. They are instead realistic presentations about current technology capabilities. A lot of work has gone into these journals. Although some of the material is technically detailed, the material is explained well enough that readers will achieve clarity of understanding that is not commonly obtained from other materials. In particular, SIA Technolog y Insights should be helpful for anyone — especially IT personnel not familiar with physical security technolog y — who wants to get up to speed on the range of industr y technolog y applications and stay updated, which can be done by means of the jour- nal's semi-annual issues. ❚ (continued from page 8) (continued from page 12) Request information: www.SecurityInfoWatch.com/10487869 • Identifying and linking common denominators: Common defects in multiple locations and business units indicate more fundamental process defects that are likely indicative of more expansive vulnerabilities in process safeguards. Addressing these multiple threat vectors enable a more comprehensive and cost-effective mitigation strategy. • Root cause analysis will identify and scope the defective con- trols to enable a more actionable and successful set of steps to improve deterrence, detection and response. • Focusing the inspection and assessment processes on the les- sons from incident post-mortems. • Testing the effectiveness of the measures taken by process owners to address gaps identified in the risk assessments and then feeding back the results as required for assurance. Employee engagement and security awareness — At the end of the day, insider protection relies heavily on a fully engaged and knowledgeable workforce. Assurance involves test and other methods of verification regarding the retention and quality of actionable knowledge of security responsibilities by persons in positions of trust. "Trust" is a core element in insider protection but experience has demonstrated that the combination of desire and exploitable opportunity can result in avoidable risk at various levels of severity. Maintaining in-depth safeguards and monitoring for anomalous and malicious or just plain risky behavior is an equally core set of activities to accompany trust in those with access. ❚ #ShowOrange to show your support visit mission500.org/showorange for details Join Mission 500 in our new initiative to help kids in need here in the U.S. Just wear or carry something orange on any Friday, take a selfe, send it to us for posting on Facebook, and share it with your friends and colleagues on social media using our #ShowOrange hashtag. Posting is free and we'll have weekly drawings for a gift card. And don't forget to donate on the site to help support this great cause. Together we can...