Managing risk through security and compliance continues to be a leading concern of organisations the world over. However, meeting the requirements of increasingly demanding regulations whilst reducing exposure to new classes of sophisticated threats, and having an accurate understanding of risk and compliance at any point in time, is challenging.
Managing risk today means making sense of more data: vulnerability scans, application and database logs, flows, access and session records, alerts, and trending analysis. Data streams originate from multiple systems protecting more users with more devices in more places.
Audits—whether internally or externally driven—showcase the pain of managing data from this plethora of sources. IT administrators must track down and collate data streams into the preferred format for the auditor’s consumption.
Audits are by definition a backward-looking and static assessment of past risk. They sap organisational resources and detract from proactive risk management: the ability to look forward, to understand and mitigate changing risks before they do damage.
This survey provides insight into how organisations are leveraging strategic risk management and mitigation solutions such as risk analysis, security information and event management (SIEM) and vulnerability scanning as part of their overall risk and compliance programs.