Taking the time to create a strategic plan for the Information Security Program, and understanding when and where to concentrate your resources, should always be a priority. That is, until reality sets in and you realize that there is no time to think strategically: you must act like an M*A*S*H unit and triage. When you have multiple high-risk, immediate priorities, how do you decide what comes first to stabilize the situation?
When I need to prioritize and am in the weeds, I tend to use the following criteria, in order.
1. Is there an active problem, intrusion or data loss in flight, or is a critical service not being provided?
2. Is there a pending situation that will lead to a problem or loss? Glaring conditions that can cause big losses, such as a firewall misconfiguration.
3. Will my data be out of my control or in an unknown state? Is data leaving the network to a third party?
4. Are there regulatory or compliance issues? Projects required for industry or regulatory compliance?
Triage should deal only with issues that are critical to the enterprise in the near term, typically less than six months, concentrating resources on correcting the mission-critical problems. After those immediate issues are corrected, time and resources must be spent on strategic planning and execution. Strategic planning of projects and initiatives should begin as quickly as possible, even during triage; at a minimum, have an outline of where the plan is going so that switching gears is easier.