
Infosec teams must be allowed to fail, argues Gartner
2024-03-18 07:29

In their keynote at the firm's Security & Risk Management Summit in Sydney, Australia, today, VP analyst Mixter and director analyst Xiu argued that no amount of effort can prevent infosec incidents. The quality of an organization's response, they said, is a more appropriate measure of an infosec team's effectiveness than expecting it will never fail to fend off the never-ending torrent of attacks.

"Adrenalin does not scale," Xiu told the event - a reference to the practice of infosec teams responding to incidents by attacking them without a rehearsed plan.

The two analysts therefore counselled infosec pros to work with the business, to develop recovery plans based on tolerable impacts, as doing so helps infosec teams to prioritize investments.

Developing recovery playbooks and practising their execution will help to keep infosec teams effective, by making heroic action less necessary and by allowing cyber security practitioners to follow processes they have rehearsed.

In another conference session, senior principal analyst Alex Michaels suggested infosec teams could even consider hiring behavioral psychologists to help them understand the mental state of their staff and attackers.

Perhaps counterintuitively, Mixter and Xiu called for infosec teams to acknowledge more incidents - a conscious inversion of the "Days since last incident" metric used to indicate observance of safety procedures in many industries.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/18/gartner_infosec_failure_advice/