Need for cyber intelligence

Are we transforming the data from our security software and services into actionable intelligence that informs an organization's strategic and tactical business decisions?

In a recent SANS survey, phishing (72%), spyware (50%), ransomware (49%), and Trojans (47%) were the threats most seen by respondents' organizations in 2017. Organizations are being attacked daily by numerous threats. Alert fatigue develops from the overwhelming amount of data that has to be sorted through to understand where to start remediating. There are many tools to discover vulnerabilities and potential threat vectors. In our world, sorting through this information is a challenge, as there are always competing interests within the information security organization and the business. Leaders must strike the right balance of security and operations, as well as risk and compliance.

From textbooks, we've been taught that in security we should identify, contain, and eradicate vulnerabilities on the network so that we reduce the risk of being compromised. We've been led to believe that security will save the company from the bad guys and that we will be given the power to do that. However, the reality is much more complex: chief information security officers (CISOs) and managers balancing budgets, engineers trying to get change requests approved, a lack of human resources due to burnout or availability, dealings with vendors, company culture, world culture, and organizational processes all hinder our ability to respond to these threats, which can pose a considerable risk to the organization and its information. Uncertainty, fog of war, and friction are a part of life as a security professional.

The questions that come to mind are as follows:

  • How do we reduce this uncertainty?
  • What is the priority?
  • How do we focus our efforts?
  • How do we provide actionable information so that I can get my stakeholders on board?
  • How do I train my team?
  • Where do we begin to remediate? Can I even remediate?

The threat landscape is always changing. Every day we hear of a new group of hackers that is targeting systems that are vulnerable to X and Y. There are reports of nation-state cyber espionage attempts in the national media. The scary thing is that there may be an attack happening and no one has caught on. There seems to be general paranoia about who will be next, and if that day comes, I hope it isn't me.

This book is meant to help executives and analysts understand their role in raising the bar, from effective communication of the state of their security to gathering information about their environment. We address this by building a cyber intelligence capability that provides accurate information about the potential for known adversaries to exploit the vulnerabilities that exist within the environment, so that appropriate measures are taken to reduce the risk to organizational property.
