Which security practices lead to best security outcomes?
2020-12-02 12:36

A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others to help organizations achieve goals such as keeping up with business, creating security culture, managing top risks, avoiding major incidents, and so on.

A well-integrated IT and security tech stack is the practice most conducive to retaining security talent, creating a security culture, and running cost-effectively, while a proactive tech refresh strategy will help achieve business goals, meet compliance regulations, avoid major incidents, and streamline IR processes.

A strong security culture embraced by all employees depends on good equipment, a clearly communicated and sound security strategy, and timely fixes when things break.

"Beyond adherence to specific practices, we also asked respondents about where their security programs place the greatest priority in terms of investment, resources, and effort. We used the high-level security functions defined in the NIST Cybersecurity Framework for this," the company noted.

"While the CSF's Protect function isn't at the bottom for every outcome, it ranks next to last for contributing to the overall success of the security program. That's certainly counterintuitive, but we don't see this as suggesting protection isn't important. Rather, it indicates that the best programs invest in a well-rounded set of defenses to identify, protect, detect, respond, and recover from cyber threats. The field has long been protection-heavy; this says that protection alone is not the most effective strategy."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/M3zxEeZixA0/