Let’s jump right in. The first part of the DUH Security Planning Formula is Data. This is where you ensure you are properly monitoring your data access, fixing issues, and defining requirements.

Data hunting is a guaranteed way to get complete control of any network and access to all data.

Data is a key fundamental of cybersecurity defense and breach/attack insight.

If you don’t log data access you may not be able to determine the extent of a data breach!

Edward Snowden isn’t a hacker – he exploited a weakness that would have been caught by a data audit.

If you don’t know who accessed data you won’t know the extent of a breach.

You should be able to answer all of these questions!

Data Protection

Data protection encompasses all data which the organization produces.

  • What data do we have?
  • Where is the data located?
  • Are you sure?
  • Is our data actually secure?


All data is good data – never pass up an opportunity to collect more data. Especially Security Data!

  • What data are we collecting?
  • What data could we be collecting?
  • What data should we be collecting?


Data monitoring is the act of monitoring and logging all data access!

  • Are we monitoring sensitive data access?
  • Are we monitoring unstructured data access?


Data auditing is the act of verifying that data policy, access, and monitoring procedures are in alignment with organizational standards.

  • Have we independently verified data security controls?


Data Intelligence is about transforming data into information, information into knowledge, and knowledge into value.

  • Are we correlating all security datasets?
  • Are we recording all security data?

The second part of the DUH Formula is Update. Know what you have and whether it’s updated at all times. Malware often exploits unpatched systems.

Most companies have many OS’s not being updated.

Not updating makes any company “low hanging fruit”.

Not updating software gives hackers easy access into your network, data, and controls.

Users are 70% less likely to click on a phish they already experienced.

Internet-connected coffee pots can get you hacked.

Cyber technology increases at an exponential rate.

Operating Systems (OS)

Windows is a very popular OS. Other common OS’s are Linux (which has many different names), UNIX (same), Apple and more.

  • Are we keeping all of our operating systems updated? If not, was there a formal acceptance of risk?


Microsoft Office is a very popular suite of software, but this category includes any applications installed on company-owned computers.

  • Are we keeping all of our software updated? If not, was there a formal acceptance of risk?

Update Management

Weaknesses in technology are always being discovered and updates fix known vulnerabilities.

  • Are we updating everything? If not, was there a formal acceptance of risk (AOR)? Do we have an update acceptance of risk (AOR) process?


Appliances are hardware used to assist with day to day business operations. Examples are routers, printers, and firewalls.

  • What company devices are connected to the internet? Of these devices, are any connected to my network?

Human Virus Definitions

Human virus definitions are a combination of high-frequency education and attack emulations.

  • Are we phishing enough to actively combat evolving threats and identify user risk trends and change?


Technology can be anything digital and encompasses all cybersecurity controls as well as technology used to run the organization.

  • Am I reviewing my technology to ensure it addresses cyber needs and is?