When companies make everything a priority, nothing’s a priority>
SC Magazine – Ravid Circus
The article discusses the relationship between prioritization and risk findings in cybersecurity remediation.
It highlights how operating in firefighting mode and constantly prioritizing findings can prevent organizations from scaling their processes effectively.
The author explains that the need to prioritize arises due to scarce resources and the costly nature of remediation.
The traditional approach to fixing findings involves a time-consuming process that includes analyzing, triaging, opening tickets, and executing fixes.
This administrative overhead limits the focus to ultra-critical findings, hindering proactive remediation.
To achieve scalability, the article suggests improving project management aspects and reducing the cost of each remediation item.
Rather than solely relying on prioritization, the author discusses the importance of parallel workflows and leveraging different teams for separate findings.
This approach can alleviate the bottleneck often created by the security team and facilitate faster remediation.
Ultimately, the article advises transitioning from firefighting mode to scaling mode by reducing fix costs, identifying and addressing administrative bottlenecks, and recognizing when findings should be addressed by engineering teams.
By doing so, organizations can improve their project management practices and achieve more effective cybersecurity remediation processes.
Link: https://www.scmagazine.com/perspective/when-companies-make-everything-a-priority-nothings-a-priority