CLEVELAND, July 30, 2013 /PRNewswire/ -- SecureState, a management consulting firm specializing in information security, has developed a Security Business Model, based off of years of consulting experience, to help businesses create and align their tactical and strategic plans to guide them to a desired state of security.
"If you were to grade the information security industry as a whole, we would be at a D," Ken Stasiak, CEO of SecureState said. "We've been breaking into systems using the same methods for 20 plus years, because: a) companies do assessments, but never fix the problems, and b) when they do fix vulnerabilities they focus on tactical Band-Aids instead of long term strategic solutions."
Stasiak further illustrates his point by explaining how hackers often break into systems that have missing security patches.
"An assessment is conducted, and patches are applied to vulnerable areas, but no patch management system (not just software, but also policies and processes) is created to apply new patches when they are released. Any time something new is introduced to the environment, there is a new set of weaknesses."
This is often referred to as the assessment death cycle. Companies pay for assessments, they fix problems and patch vulnerabilities, but then the network environment changes and their back to square one. The SecureState Model eliminates this problem.
"We start by looking at a company's current state of security," Stasiak said. "Then we work together to develop a strategic roadmap to bring the organization to a desired state, and while doing that we account for the Principle of Three Forces: time, change and resources, to make sure they will be able to reach their goals."
This model helps security professionals bridge the gap between them and the line of business in a way that's easy for both parties to understand. By following this model, businesses will end up in a managed state (a SecureState) of security, which will prevent them from being breached or falling back into a deteriorated state.
About Our Company
SecureState provides premier consulting services for companies across the nation and internationally, including government and commercial sectors. The SecureState team is comprised of several specialties including: Advisory Services, Audit & Compliance, Profiling & Penetration, Privacy, Risk Management, and Incident Response.
Anthony Hardman, SecureState Public Relations
Video with caption: "Communicating a Business Model for Security." Video available at: http://origin-qps.onstreammedia.com/origin/multivu_archive/PRNA/ENR/FX-MM54656-20130730-1.mp4
Image with caption: "A Business Model for Security." Image available at: http://photos.prnewswire.com/prnh/20130730/MM54656-a
Image with caption: "SecureState." Image available at: http://photos.prnewswire.com/prnh/20130730/MM54656LOGO-b