
Let’s jump right in. The first part of the DUH Security Planning Formula is Data. This is where you ensure you are properly monitoring your data access, fixing issues, and defining requirements.
Data Protection - encompasses all data the organization produces.
Data hunting is a guaranteed way to get complete control of any network and access to all data.
Collection
Data is a key fundamental of cybersecurity defense and breach/attack insight.
Monitoring
If you don’t log data access you may not be able to determine the extent of a data breach!
Auditing
Edward Snowden isn’t a hacker – he exploited a weakness that would have been caught by a data audit.
Intelligence
If you don’t know who accessed data you won’t know the extent of a breach.

You should be able to answer all of these questions!
Data Protection
Data protection encompasses all data which the organization produces.
- What data do we have?
- Where is the data located?
- Are you sure?
- Is our data actually secure?
Collection
All data is good data – never pass up an opportunity to collect more data. Especially Security Data!
- What data are we collecting?
- What data could we be collecting?
- What data should we be collecting?
Monitoring
Data monitoring is the act of monitoring and logging all data access!
- Are we monitoring sensitive data access?
- Are we monitoring unstructured data access?
Auditing
Data auditing is the act of verifying that data policy, access, and monitoring procedures are in alignment with organizational standards.
- Have we independently verified data security controls?
Intelligence
Data Intelligence is about transforming data into information, information into knowledge, and knowledge into value.
- Are we correlating all security datasets?
- Are we recording all security data?

The second part of the DUH Formula is Update. Know what you have and whether it’s updated at all times. Malware often exploits unpatched systems.
Operating Systems (OS)
Most companies have many OS’s not being updated.
Update Management
Not updating makes any company “low hanging fruit”.
Software
Not updating software gives hackers easy access into your network, data, and controls.
Human Virus Definitions
Users are 70% less likely to click on a phish they already experienced.
Appliances
Internet-connected coffee pots can get you hacked.
Technology
Cyber technology increases at an exponential rate.

Operating Systems (OS)
Windows is a very popular OS. Common OS’s are Linux (has many different names), UNIX (same), Apple and more.
- Are we keeping all of our operating systems updated? If not, was there a formal acceptance of risk?
Software
Microsoft Office is a very popular suite of software, but software includes any applications installed on company-owned computers.
- Are we keeping all of our software updated? If not, was there a formal acceptance of risk?
Update Management
Weaknesses in technology are always being discovered and updates fix known vulnerabilities.
- Are we updating everything? If not, was there a formal acceptance of risk (AOR)? Do we have an update acceptance of risk process (AOR)?
Appliances
Appliances are hardware used to assist with day to day business operations. Examples are routers, printers, and firewalls.
- What company devices are connected to the internet? Of these devices, are any connected to my network?
Human Virus Definitions
Human virus definitions are a combination of high-frequency education and attack emulations.
- Are we phishing enough to actively combat evolving threats and identify user risk trends and change?
Technology
Technology can be anything digital and encompasses all cybersecurity controls as well as technology used to run the organization.
- Am I reviewing my technology to ensure it addresses cyber needs and is?