Result oriented time correlation between security and risk assessments, and individual environment compliance framework

Abstract

Security professionals and attackers have common approach on their daily work. Hackers are following the same rule set as the data protectors while seeking for potential vulnerabilities to be exploited. Security assessments are usually deployed on year or mid-year basis. A prepared attacker would need 2 days to take down the environment once it is breached, or to remain unnoticed for more than 6 months. The discrepancies in those two timelines of activities performed on both sides could bring significant implications for any organization. The aim of this article is to suggest an approach for creation of an automated daily security assessment.