We rely heavily on vulnerability-centric security for a variety of reasons, but the two key influencers are the legal and cultural concerns with threat identification/management and the assumption that assets are always fixed or growing. These two concerns can often be overcome by comprehensive planning and sound risk management implementation.
What does that mean to you?
Remember that in effective risk management, you have three big levers to pull to mitigate and manage your organization’s security: threats, vulnerabilities and assets. In order to be effective, you need to consider carefully all three, and ensure you’re leveraging all three as part of the solution. Next time you read of a security incident, consider if it was centered around a threat, a vulnerability or an asset. Learn to spot the differences, and recognize when your safeguards are out of balance.