Organizations trying to cope with securing their expanding attack surfaces eventually find themselves at a crossroads: they need to move beyond finding risks to effectively mitigating risk. Making that transition starts with a shift from using “risks found” as the KPI to “risks remediated” as the true measure of success. That change shifts security team incentives and drives them to focus on risk remediation. For that to work at scale, organizations must get away from … More

The post How to go from collecting risk data to actually reducing risk? appeared first on Help Net Security.