This week's episode of Defense in Depth
Measuring the Success of Your Security Program
This week's episode is hosted by me, David Spark, producer of CISO Series, and Allan Alford. Our sponsored guest is Chad Boeckmann, CEO, TrustMAPP. All three of us discussed:
The process is very systematic. Start with knowing your risks, how you're going to track them, and the controls you're going to put in place to manage them. Simple to say, hard to do.
Security risk is just one of a multitude of risks a business faces.
Data's whereabouts is a moving target. Having confidence in its location and protections is key to managing overall risk.
Constantly be asking who has access to the data and what communications processes you are using to share that information between humans and machines.
Discuss with leadership how you will judge success and what metrics you will use. The C-suite will need to lead the discussion, with security providing guidance as to what it can and can't measure.
If you're measuring security's performance, this is a great opportunity for security to tell its story and prove its value, ultimately setting it up for increased budget and participation from others.
An informal metric for success could be how often security is getting invited to informal meetings.
Overall positive sentiment of security by non-security employees.
How well are you able to build (are people eager to work with you?) and maintain your staff?
Another "out of the box" metric to consider is opportunity cost. How many contracts are you losing because you were incapable of meeting a potential customer's security standards?
Strong debate as to what is the goal of a security program: Risk reduction or risk management? It's very possible that you are currently managing risk well and the additional cost to reduce risk is not necessary.
Click here to listen: https://cisoseries.com/defense-in-depth-measuring-the-success-of-your-security-program/
Tags 🏷
#cybersecurity #cso #ciso #infosec #hacker #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #databreach #pentesting #cloudsecurity #cyberwar #datasecurity #hacking #cloud #phishing #securitymanagement #infosec #ransomware #datasecurity #encrytption #cisoseries