Prioritizing technical security controls
Up to now, you have learned about many technical security controls. But security is always a matter of weighing risk validation and threat mitigation against the investment in human resources, license costs, and even implementation and maintenance time. You also have to plan for all technical dependencies. Some controls come with new operating systems or with a Feature Update for Windows 10; others need to be set up and have networking dependencies. Some just validate logs for specific patterns, and others work with AI to detect behavioral anomalies. In addition, you will find bypasses to almost all technical security controls.
Because this topic is so complex, we still see many customers focusing on completely the wrong areas first. It is important to have a roadmap with milestones, and to continuously evaluate whether your plans are still the best choice. It is also important to play on all the lines of defense. You should not just focus...