The T approach means to go horizontally (breadth-first) across the company identifying its risk surface, and evaluating the probability and impact of each threat and risk. Then go vertically (depth-first) thinking how to implement security controls to really reduce the probability of the most important risk happening and reducing the impact in the case it happens Continue reading
In a previous job, I had the mission of protecting a huge Windows infrastructure from ransomware. I had the resources to investigate and implement the necessary security controls. This is what I learned.