1. If we’re strictly talking about common, SQL based BI tooling, I don’t think I’d want to do IR with a BI tool or storage stack, though, and stick to the cloudwatches / splunks / and ELKS that usually touch more security relevant logs. But, generally using tools to understand what access looks like can be important, and there are probably some BI narratives in there as far as dashboarding goes.
  2. Yes, this is generally about the accrual of risk over time. “Debt” is just a way of looking at it from a technology perspective which can sometimes make more sense to an engineering organization. Measuring risk is a million dollar problem that I don’t think anyone does well, if its even possible to do well.

Written by

Writing about risk, security, and startups.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store