In previous posts of mine I discussed the fact that HP Labs have developed an approach and capabilities to assess the risks associated to organisations’ Incident Management and Remediation processes. These capabilities, centred on HP Security Analytics, enable decision makers not only to assess the performance and security risks associated to current processes but also to explore potential what-if scenarios (e.g. changes of SLAs, changes of processes/resources, changes of threat environments) and identify suitable investments.
These capabilities are now offered as a service by HP Security Business (HP ESS).
I am interested in exploring the implications of doing this in emerging scenarios involving organisations that increasingly rely on outsourcing, supply-chains and the Cloud. What are the implications in terms of Incident Management and Response? How to effectively enable Information Sharing? How to enable accountability among the involved parties?
There is an opportunity in designing and building the next generation of Security Analytics and Risk Management services that can scale and cope with these emerging scenarios. More to come.
In the meanwhile, I am looking for additional requirements and use cases in the above space. Please contact me if you are interested in engaging in this area.
--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: use this mirror blog if you prefer posting on an external blog site ---
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment