Imagine a perfect situation, in which you work for a large company with a lot of information security measures in place. There is antivirus software on every desktop, updated automatically; there are firewalls and intrusion detection systems protecting the perimeter of the network; and host-based sensors scattered strategically throughout the system. The helpdesk staff have been warned of the risk from social engineering attacks, and the building itself is well-provided with CCTV and an alert set of security guards in the lobby. Periodically, a full review of information security is undertaken by an external audit company, and there is a well-managed programme of patching and network maintenance. Moreover, the organisation has a clear security policy, and has appointed an information security officer to report to the head of internal audit. A good situation, made even better as – in a rare example of largesse – the board has agreed to a one-off extended security budget to improve the situation further still. But what should the extra money be spent on for the best results? Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.