Vulnerability Management

Avoiding the ‘ready, fire, aim approach’ to security

An enterprise’s IT and cybersecurity departments want the same thing: for systems to operate both efficiently and securely. However, they begin to diverge when things break down, said Brendan Williams.

The cybersecurity adjunct professor at the University of Dallas spoke with SC Media Deputy Editor Bradley Barth during an SC Media eSummit.

IT people often take the view of “If it ain’t broke, don’t fix it,” Williams explained, because doing something to a system introduces a change, which could affect the uptime and security of that system. On the other hand, the security team wants to shut things down if something unusual is detected, which affects IT’s uptime.

Click here to access SC Media's eSummit "Improve vulnerability and patch management strategies."

To meet the needs of both teams, Williams recommended solid documentation for problem discovery, framing and solving so that “you’re taking a ready, aim fire approach as opposed to a ready, fire, aim approach.”

Ultimately, he said the IT and security departments must work together to prevent attacks and they must partner to create a system of accountability and timeframe to resolve underlying security issues.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.