It may seem odd that the inherently technological problem of cyberattacks is best countered through a rigorous process and not strictly technological solutions. Yet, given the extraordinary pace of maturation associated with cyberattacks, it makes perfect sense to rely on a process to determine optimal defense strategies. In doing so, companies will not only protect themselves from cyber threats but will also have created a fantastic record of decision-making that will undoubtedly deter litigation. That alone should drive a movement towards process-based defenses.
via Why Cybersecurity Must Be Defined By Process, Not Tech – The CIO Report – WSJ