This chapter covers
- Developing a list of organizational assets that hackers might target
- Building a profile of potential attackers based on your assets
- Evaluating your existing defenses
- Using the three pillars of a successful cybersecurity strategy (relevant, proportional, and sustainable)
- Using CVE details and CVSS to understand and prioritize newly discovered security issues
Everyone will get hacked. No matter how great your defenses are or how well prepared you are, it’s a matter of when, not if. It happens to us all. Companies can spend millions of dollars on security tools and technologies and still end up in the news for a massive data breach. The important thing, then, is to be prepared for the hack and be able to respond and recover quickly. I want to help you achieve this through better security, and this chapter is all about understanding and building the fundamental skills and concepts you’ll need.
In chapter 1, we walked through some real-world impacts of a security breach. Now we’ll look at what underpins a successful cybersecurity strategy and what its objectives should be. Building on that, we’ll learn how to communicate, measure, and patch vulnerabilities, which will then feed into sustaining a culture of security in your organization. Finally, we’ll finish up by working through an exercise to see how prepared you are and how to start building your own security strategy.