One of the biggest problems with security defenses is the lack of concrete data to measure the effectiveness of mitigations against threats. In almost any other industry, the dearth of data would be embarrassing.
As I’ve noted before, every organization needs to develop a data-driven security defense. Such a defense uses a company’s own threat intelligence to align mitigations with the most relevant threats a company faces. The idea is to prioritize your own local threat experiences over outside data sets, focusing on root-cause analysis and using that data to drive all deployed mitigations.
Source: Infoworld.com | Security