{"id":5738,"date":"2018-04-05T20:14:55","date_gmt":"2018-04-05T19:14:55","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5738"},"modified":"2021-04-07T20:20:43","modified_gmt":"2021-04-07T19:20:43","slug":"10-steps-security-changing-conversation-security-risk","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk","title":{"rendered":"10 steps to security\u2014Changing the conversation from security to risk"},"content":{"rendered":"<p>It may sound contradictory, but one of the biggest mistakes we see in the security sector is people talking about security. This leads organizations to thinking they have to be secure, but without having a clear understanding of what \u201csecure\u201d actually means.<\/p>\n<p>On top of this, being secure is something that indicates a binary position; either you are or you are not secure. While there are certain assets and systems you can make more secure, security itself is an impossible thing to achieve. However, a reduction in risk is absolutely achievable, and at the same time it is also measurable.\u00a0<img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" src=\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg\" alt=\"balancing risk against cost.jpg\" width=\"407\" height=\"201\" align=\"left\" hspace=\"5\" data-entity-type=\"\" data-entity-uuid=\"\" \/><\/p>\n<p>When I\u2019ve worked with companies to help them create a good security program, the first thing I do is focus on risk\u2014how much risk are they under, how much risk are they facing, how do they mitigate that risk, what is an appropriate level of risk for their business, and how risk much can they afford?<\/p>\n<p>Ultimately, the conversation always comes down to striking a balance between how much the company wants to spend and how much risk the board is willing to assume. And there really isn\u2019t a generic right answer here\u2014it varies dependent of the company.<\/p>\n<h3>Planning for acceptable risk<\/h3>\n<p>By starting from the position of a risk-focused conversation, you can actually help people define and plan to cover what is acceptable for their particular organization and timeframe. You can then define a program that decreases risk and has them spending an appropriate amount to put them on a path to where they need to be, and allows them to measure their progress and ensure they are moving towards their risk goals.<img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/Risk_focus%20on.jpg\" alt=\"Risk_focus on.jpg\" width=\"409\" height=\"202\" align=\"right\" hspace=\"5\" data-entity-type=\"\" data-entity-uuid=\"\" \/><\/p>\n<p>So, what does this mean for managed service providers (MSPs)?<\/p>\n<p>This isn\u2019t as big a step for solution providers as they might think. They are already helping their customers to achieve their business goals and manage their risk through providing IT services, such as making sure their systems and networks are all up and running, so there is already a solid backup and disaster recovery plan in place, and there are no technology barriers for them to do business. These same concepts also go for security.<\/p>\n<p>What MSPs do need to do though is have a thorough understanding of the business environment their customers operate in. So much of risk analysis will depend on the line of business they\u2019re in, what data they have, and how attractive a target they are to hackers.<\/p>\n<h3>Risk analysis starts with high-impact things<\/h3>\n<p>When making this analysis, MSPs should start by looking at the high-impact things\u2014ransomware, for example. What would happen if the customer was breached in this way? Is it just a minor inconvenience for them and they can simply return from a backup, or is it a major disaster that shuts down the company instantly and costs them thousands of dollars a day? Thinking about these types of disaster scenarios provides a powerful reference point.<\/p>\n<p>In some cases\u2014say a company manufacturing piping\u2014having systems go down doesn\u2019t stop them doing their jobs, and they can wait for a backup to restore them to where they were. For a company like this, employing 24\/7 monitoring for intrusion attempts would be over the top, but having the ability to restore quickly from backup would be valuable. At the other extreme, if a hospital\u2019s networks are compromised lives and valuable personal data are at stake. So the level of risk they can accept is much lower.\u00a0<img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" src=\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/closed.jpg\" alt=\"closed.jpg\" width=\"411\" height=\"203\" align=\"left\" hspace=\"5\" data-entity-type=\"\" data-entity-uuid=\"\" \/><\/p>\n<p>This is where MSPs need to start the conversation, by looking at the real business impact of having systems go down or data stolen\u2014and even whether the business could be used as a conduit to get into other partners\u2019 systems.<\/p>\n<p>By shifting the conversation from security to risk, you are putting yourself in the position of being able to have a much more valuable and powerful conversation with your customers and prospects.<\/p>\n<p>&nbsp;<\/p>\n<p><em>In the next part, we will look at how MSPs can help companies understand where their most important data is and how they can plan to protect these assets.<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong>For more on Tim&rsquo; s top security tips, visit our Security Resources Centre\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/resources\/security\" target=\"_blank\" rel=\"noopener\">here<\/a>\u00a0and\u00a0download The Brown Report.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><em>Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology,\u00a0including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim\u2019s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.\u00a0<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the first part of this 10-part series, Tim Brown explains why the conversation needs to move from security to risk and how MSPs can do this.<\/p>\n","protected":false},"author":43,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5738","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>10 steps to security\u2014Changing the conversation from security to risk - N-able<\/title>\n<meta name=\"description\" content=\"In the first part of this 10-part series, Tim Brown explains why the conversation needs to move from security to risk and how MSPs can do this.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"10 steps to security\u2014Changing the conversation from security to risk - N-able\" \/>\n<meta property=\"og:description\" content=\"In the first part of this 10-part series, Tim Brown explains why the conversation needs to move from security to risk and how MSPs can do this.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-05T19:14:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-07T19:20:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg\" \/>\n<meta name=\"author\" content=\"Tim Brown\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Brown\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk\"},\"author\":{\"name\":\"Tim Brown\",\"@id\":\"https:\/\/www.n-able.com\/fr#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8\"},\"headline\":\"10 steps to security\u2014Changing the conversation from security to risk\",\"datePublished\":\"2018-04-05T20:14:55+01:00\",\"dateModified\":\"2021-04-07T19:20:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk\"},\"wordCount\":816,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/fr#organization\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg\",\"articleSection\":[\"Security\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk\",\"url\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk\",\"name\":\"10 steps to security\u2014Changing the conversation from security to risk - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/fr#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg\",\"datePublished\":\"2018-04-05T20:14:55+01:00\",\"dateModified\":\"2021-04-07T19:20:43+00:00\",\"description\":\"In the first part of this 10-part series, Tim Brown explains why the conversation needs to move from security to risk and how MSPs can do this.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#primaryimage\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/fr\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"10 steps to security\u2014Changing the conversation from security to risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/fr#website\",\"url\":\"https:\/\/www.n-able.com\/fr\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/fr#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/fr?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/fr#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/fr\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/fr#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8\",\"name\":\"Tim Brown\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g\",\"caption\":\"Tim Brown\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"10 steps to security\u2014Changing the conversation from security to risk - N-able","description":"In the first part of this 10-part series, Tim Brown explains why the conversation needs to move from security to risk and how MSPs can do this.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk","og_locale":"fr_FR","og_type":"article","og_title":"10 steps to security\u2014Changing the conversation from security to risk - N-able","og_description":"In the first part of this 10-part series, Tim Brown explains why the conversation needs to move from security to risk and how MSPs can do this.","og_url":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2018-04-05T19:14:55+00:00","article_modified_time":"2021-04-07T19:20:43+00:00","og_image":[{"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg","type":"","width":"","height":""}],"author":"Tim Brown","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"\u00c9crit par":"Tim Brown","Dur\u00e9e de lecture estim\u00e9e":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk"},"author":{"name":"Tim Brown","@id":"https:\/\/www.n-able.com\/fr#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8"},"headline":"10 steps to security\u2014Changing the conversation from security to risk","datePublished":"2018-04-05T20:14:55+01:00","dateModified":"2021-04-07T19:20:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk"},"wordCount":816,"publisher":{"@id":"https:\/\/www.n-able.com\/fr#organization"},"image":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#primaryimage"},"thumbnailUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg","articleSection":["Security"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk","url":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk","name":"10 steps to security\u2014Changing the conversation from security to risk - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/fr#website"},"primaryImageOfPage":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#primaryimage"},"image":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#primaryimage"},"thumbnailUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg","datePublished":"2018-04-05T20:14:55+01:00","dateModified":"2021-04-07T19:20:43+00:00","description":"In the first part of this 10-part series, Tim Brown explains why the conversation needs to move from security to risk and how MSPs can do this.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#primaryimage","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/blog\/2018\/04\/balancing%20risk%20against%20cost.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/fr\/blog\/10-steps-security-changing-conversation-security-risk#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/fr\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"10 steps to security\u2014Changing the conversation from security to risk"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/fr#website","url":"https:\/\/www.n-able.com\/fr","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/fr#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/fr?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/fr#organization","name":"N-able","url":"https:\/\/www.n-able.com\/fr","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/fr#\/schema\/person\/65b11c76d7eceabc6a98f67feafee6e8","name":"Tim Brown","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/12fd73820610a5263c4429c2a99094e0c2e82401bbe39bf42457e891670b6566?s=96&d=mm&r=g","caption":"Tim Brown"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/posts\/5738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/comments?post=5738"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/posts\/5738\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/media?parent=5738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}