Today's must-read gem is the latest report from the SBIC -- the Security for Business Innovation Council.
If you're not familiar, the SBIC is an RSA-sponsored group of information security leaders spanning the Global 1000. Periodically, they issue far-reaching perspectives on the state of information security in corporate environments.
This is the eighth report in the series, and the topic is undoubtedly the one that's on everyone's minds: "When Advanced Persistent Threats Go Mainstream."
I got my hands on a review copy. It's more than a good read -- it's an essential read.
To be clear, this is not your typical vendor "white paper" that ends up being a thinly veiled pitch for whatever they're selling; by comparison, this document is a hard-hitting and sobering 25-page study of the new threat profile, and -- more importantly -- what needs to be done organizationally to compensate.
The headline from the press release gets right to the point -- assuming that you are compromised already, how do you minimize the damage?
Although I'm not a fan of the-world-is-ending headlines (especially when it comes to security), it might be somewhat justified in this case.
From my perspective, APTs and the related discussion represent perhaps the single most important shift in information security thinking in the last few decades.
As such, this ends up on my "must-read" list for just about everyone.
Many of the recommendations here stretch far outside the traditional security domain -- affecting existing functions and making a strong case for investment in new ones. It's a brave new world.
What I found especially fascinating was the real-world color from the people in charge of securing information assets at some of the largest organizations in the world. It's obvious -- they're concerned. As perhaps you should be as well.
This is not light summer reading -- but it is important.
I hope you can find some time to read it.
