The Major Flaw in How Organizations Value Security


NorthStar CEO, Alex Moss, joined The Mike Talks to People podcast to discuss the mistakes in how organizations value security and the impact those decisions have on the business.


View the podcast HERE or listen to it below:



  • Really it starts to come down to accountability and Security teams need to get very good at communicating risk and risk acceptance. The person who is responsible for the business group, line of business or business application may not understand the impact of their acceptance. And in the case of a breach, even if it was someone else who accepted the risk, the CISO bears the weight of that responsibility.


  • It can be as simple as saying, “there’s issues on that server that attackers are using in the wild actively in campaigns and they’re going to find one of our core applications. How do we fix that one issue because it could take down a key part of our business.” That’s something that can be understood at the C-level.


  • The key is understanding what’s important to your individual business and how do you gain visibility there to understand where technology is potentially putting  that portion of your business at risk.


  • Ultimately what [security] is trying to do is say ‘here is where we are at risk and communicate that in a way that leadership understands whether that someone is a director or VP or all the way up to the board.


Related Content

Top 5 Reasons You Need Risk-Based Vulnerability Management

Vulnerability Management Tip: Focus on What’s Important Not Just Urgent

Upgrade Your Vulnerability Management Program