“He who defends everything, defends nothing” is a quote by Frederik The Great. For me it means no IT Security team can monitor every application, network, system and information asset that a company has, no incident response team can follow up on every alert and security event, and no manager has the budget for every new security technology that is announced. At Cybervalue we focus on those risks that are critical for your organisation by applying the following methodology.
“Knowing what you have before you can protect it” is the foundation of our successful approach, combined with a risk-based prioritisation of your information assets. Based upon this, controls need to be implemented or existing ones optimised that consider the asset’s importance and risks, resulting in the right protection level.