The Secure Insight (SI) process consists of four phases. Although the
participants of each phase vary among organizations, the SI analyst and
an organization's lead security manager are usually the key participants.
The security manager usually relies on other security specialists
or information managers within the organization to provide specialized
expertise. The information captured during the first SI analysis
provides a foundation that the organization can refine and improve
in subsequent fiscal years or when the threat environment changes.
MSB can provide an initial analysis as well as continual support,
using data from similar organizations to provide insight into
how other organizations are handling their threat environment.
PHASE 1—RISK ASSESSMENT
During Risk Assessment, the security manager and SI analyst determine
which threats are potential risks and estimate the potential damage to
the organization from successful attacks. The SI analyst helps the
security manager tailor the risk assessment to specifically identify
the organization's concerns and the impact from the threats. The result
is a prioritized set of threats that reflects the organization's risks
and represents the most important security concerns.
PHASE 2—BENEFIT ANALYSIS
Benefit Analysis identifies which risk mitigation strategies are most
effective in the organization. The results of this phase can be used to
conduct cost/benefit analyses and compare alternative countermeasures
for threats.
PHASE 3—COVERAGE ANALYSIS
Coverage Analysis shows how well the organization's security
countermeasures provide for defense in depth against selected threats.
The organization can see how well the current security architecture
protects against the top threats and how new technologies fit into the
overall security architecture.
PHASE 4—SECURITY TRADEOFF ANALYSIS
Organizations select countermeasures based not only on effectiveness
and cost, but also on how well the technology fits into the
organization's culture and on its effect on productivity. Factors such
as complexity, maintenance, etc., may also influence the decision to
select security technologies before they are purchased.
Security Tradeoff Analysis is an optional phase that shows security
managers how to identify the important selection criteria and
allows them to compare alternatives based on these criteria.
Gain a better perspective on how to allocate your organization’s
resources with Secure Insight. Contact MSB today.