As management visionary and author Peter Drucker once said, “You can’t manage what you can’t measure.” No statement rings truer—especially when it comes to security risk reduction. By having an accurate depiction of your network, however, you can identify real-world security threats and learn how to evaluate your organization’s ability to respond to them. Find out how, with these seven essential steps.
patches, workarounds, or other defensive strategies. In addition to generating reports geared toward system administrators and security managers, security information needs to be collected, customized, and presented to others who need information regarding the security status of your organization. These include demonstrating high levels of security and regulatory compliance to management, regulators, acquiring banks (in the case of PCI DSS), and even to business partners and customers who may request