![](\"\/storage\/app\/media\/CFR\/cropped-images\/TrumpTweets-0-0-0-0-1484314597.png\")
<\/p>\nThis week the Internet blew up based on news that Intel officials briefed President Obama and Donald Trump on the possibility that Russia had information on Donald Trump that was damaging to him personally and might even have implications for the entire US government. (And while one never expects a hashtag like #goldenshowers to trend on twitter, the feed was hilarious.) <\/p>\n
<\/p>\n
Politics aside, this story is a textbook case of problems with being proactive with threats. Notice: I wrote “threats” not “events” or “incidents” because the incident hasn’t happened yet, there’s just a high potential for it to be true and for it to happen.<\/p>\n
You get lots of finger pointing in hindsight. The common question is “what did you know, and when did you know it?” Because, after something bad happens, anyone who knew of the potential<\/em> for the event comes under fire for not saying something sooner, not being more forceful if in fact they HAD said something, and for not doing something to stop it from happening. The fact is something happened and someone has to somehow get blamed.<\/p>\n And in the Trump intel story, you see the opposite of that, with everyone retreating to respective political corners, defending or dismissing the intel reports based on emotion and personal perspective. And since now that everyone’s already picking sides, it will be that much harder to make the right decision on how to treat the threat risk. So, how do you ask the right questions and take action in time to avoid<\/em> the impending threat?<\/p>\n Here are the questions predictive security and risk management brings:<\/p>\n Focus Predictive Security On Remediation Not Reporting<\/strong><\/span><\/p>\n We don’t know what advice the intel team gave to the government leaders, but we do know there are a few general ways you can deal with a threat or risk:<\/p>\n Unfortunately, if you didn’t have a remediation plan in place BEFORE the risk became likely, you’re facing much more confusion about what to do and even whether to do anything at all. This puts your company at risk and in fact, negates the value of having predictive security capabilities.<\/p>\n Bottom Line: Security professionals need predictive security management and prescriptive treatment plans to protect their firms from looming threats.<\/span><\/p>\n Security teams need clear treatment plans that address potential risks and how to mitigate them. As a simple example, if there is a threat of insiders giving information to third parties, then the remediation plan would involve something like “when someone downloads more than one file they don’t normally access, that person’s manager must ask why the person needed those files within 4 hours of the download.” Without this proactive treatment planning, companies likely do nothing and then get harmed even by risks they could have addressed.<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" This week the Internet blew up based on news that Intel officials briefed President Obama and Donald Trump on the…<\/p>\n","protected":false},"author":1,"featured_media":3826,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[92],"tags":[458,691],"organization":[],"ppma_author":[896],"class_list":["post-3825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-and-risk","tag-it-security","tag-security"],"yoast_head":"\n\n
\n