
One of the most challenging executive tasks for CISOs is quantifying the success and the value of the cybersecurity function.

Indeed, security leaders and their organizations have used a myriad of metrics over the years. Yet, many executives and board members have complained that those measures failed to provide them with adequate insight or understanding of how well the security department is performing, how it’s improving, and where it’s falling short.

“Too much technical jargon is being presented to the chief executive and the board. CISOs are still telling the board about critical vulnerabilities and the number of patches, but the board doesn’t understand that because there’s not any proper context provided,” says Jarrett Kolthoff, president and CEO of security firm SpearTip.

He adds: “Those numbers might be great for the CISO, but the CISO needs to work [on developing metrics] that offer context so the board understands risk and how much investment in security is needed.”

Cybersecurity experts, including Kolthoff, say there’s no one metric that can work for all CISOs to demonstrate how well their security efforts are working and whether they’re improving over time. But some metrics, or the right combination of measures and narrative, are more useful than others.

Security metrics that matter to the business

Curtis Simpson, CISO of the tech firm Armis and former CISO of Sysco Foods, believes metrics are more important than ever, considering the increasingly high stakes of getting security right and the growing board oversight in this space.

Like others, though, Simpson says it’s about having the right metrics. “My favorite metrics are the ones the business actually cares about,” he says. As such, he seeks out measurements that narrate how security helps the business achieve its objectives.

As an example, he points to the metrics he used at Sysco, which had a stated goal of serving its global customers on a 24-hour basis. “I had to tell a story that explained how high risk would challenge the outcome of that objective,” he explains.

Copyright © 2020 IDG Communications, Inc.


