Wednesday, May 12, 2021

Cybersecurity Metrics That Matter

For years now, we as security practitioners have been perceived as a roadblock to project timelines and the overall efficiency of the business. Many security shops carried around a giant stick and typically said “no” to almost anything that came along. On top of this, we’ve had such a narrow focus on what we feel is important to “securing the enterprise” that we have been reporting things that have little to no meaning to the decision makers.

We must change this and begin recognizing the real value we add to the business — that we aid the decision makers in making educated business decisions.

Security teams must make a decision in their current environment. We can stick to outdated methodologies and find ourselves sitting on the curb, or we can redefine how we exist in the business. The first place to start is measuring things that are meaningful and treating security as a business enabler rather than a business expense. “What do I as a security professional worry about?” is not relevant. “What does the business worry about?” is the question that really matters.

We’ve Been Doing It All Wrong

Senior management does not care how many spam messages the organization received last month. They don’t care how many workstations are missing the latest Microsoft patches, and they certainly don’t care that the organization had 23,000 “high” vulnerabilities reported from the VA scanner. They care about the goal of the business, which is usually making money.

However, you can’t manage what you don’t measure.

The right metrics come from asking the right questions. Questions like: What business are you in? Are we about efficiency or efficacy?

Read the rest at Enterprise IT Planet.
