Threat Exposure and Attack Surface in Enterprise Information Security Management
摘要
This research studied, through literature review and survey, how companies experience the necessity of traditional risk management when it is compared to attack surface and threat exposure management model. Traditional risk management, which relies on the experience of impact and likelihood, is still seen useful, but it has received criticism. The trend towards managing attack surface and threat exposure was perceived as increasingly impactful in the future. The companies felt that their own attack surface had increased, but mostly did not feel the need to update their current processes with new methods or services so far. This is clearly influenced by companies’ confidence to their current processes and systems. However, it is recognized that companies have perceived an increase in their attack surface, and with this, there may be a need for more complex protective mechanisms in the future.