You remember all those scenes from the movies: Ethan Hunt is sitting in First Class of a 747 and gets handed some kind of recording device with an intelligence briefing about his mission, should he choose to accept it.
What happens next is always the same: “This message will self-destruct in 5 seconds.”
And then in a wisp of (surely) acrid smoke, the recording device is destroyed and with it, the confidential information it previously communicated into agent Hunt’s calculating mind.
So begins another IMF assignment. Of course, the reality of the situation is ALWAYS slightly different or more than it seems from the initial briefing.
And how does the plucky Mr. Hunt always survive?
That’s right: he constantly validates the information he’s given, absorbs and assimilates new facts and makes judgement calls as to what seems to be the best way to accomplish the mission, get the bad guys, kiss the pretty girls and basically live to fight another day.
In fact, it’s just like the way risk assessments work in your organization, right?
No?
Ahhhh…. and so here lurks one of the fundamental security program effectiveness issues.
You see, that “this message will self-destruct in 5 seconds” bit is actually pretty important.
In contrast, what’s the life-expectancy of your security risk assessments?
A month?
A quarter?
A year?
More?
It just won’t work. And it won’t work because it’s simply not good enough.
You, as the security leader, need to make sure this doesn’t happen in your organization.
What’s that? Oh, you’re thinking risk assessments take too long?
Or maybe that they involve too many people?
Or that the threat environment is too unstable?
Here’s the thing: if you have the right approach to security governance, you can do a risk assessment every time you’re supporting a new project, and you can validate that risk assessment with every threat intelligence report your team receives.
It’s supposed to be a system—and it’s supposed to be a reinforcing system at that.
Everyone on your team plays a part, and the validity of any one risk assessment should be refreshed as often as the environment you’re operating in changes.
Every day…every hour…and even every minute if the stakes are high enough.
That’s what keeps Ethan Hunt alive, and it’s really the only thing that can keep you alive too.
And the good news is that it’s easier than you might think—if you use the right approach and have the right governance model in place for your team.
If you’re ready to turn what’s otherwise an impossible mission into “mission accomplished,” then let’s see how much work you really need to do.
Go to this link: https://archistry.com/go/SecurityLeader, scroll to the bottom of the page, click the big, yellow “APPLY NOW!” button, and schedule that call.
It’s just one of literally over 100 things we’ve helped leaders just like you address over the last 8 years we’ve been providing information and cybersecurity advisory services.
Or, maybe you enjoy dangling out of burning airplanes without a parachute.
It’s up to you.
Help is here if you want it: https://archistry.com/go/SecurityLeader
In the words of Ethan Hunt, “So what happens now?”
ast
—
Andrew S. Townley
Archistry Chief Executive