threats, assets, vulnerabilities

Bejtlich posted, “What Do You Investigate First?” He brings up the question of three different approaches:

  • focus on the threats
  • focus on the assets
  • focus on the vulnerabilities

These are great bullet points for a blog post (or hell, probably a small book) on how these approaches can be tackled, including perspectives from prevention, detection, and response, and how these may compare to the “reality” many orgs face in responding only to the things that people will raise fire alarms about if they’re not available, or what you might get in the most trouble for not responding to…

I was going to flesh this out as a full future post, but decided already that I don’t have the time, yet didn’t want to lose the beginning of my thoughts…