CYBERSECURITY
BENCHMARKING
A CIO’S GUIDE FOR REDUCING SECURITY ANXIETY

INTRODUCTION

In order for a business to be competitive, it must be continuously improving. This is something the modern chief information officer (CIO) knows all too well—and has likely lost some sleep over! But in order to build out the business structure and technical functionality that enables your organization to deliver products and services quickly and efficiently, you have to know how you’re doing compared to how your competitors and peers are doing.

In other words, CIOs today must be highly effective at benchmarking. But as the CIO, you know you can’t outsource risk—and you have to consider the risk posed by every new business function in your organization. With constant technological advances in business today, cyber risk is one area that requires a great deal of thought from the CIO.

If you don’t have a complete picture of your organization’s security performance compared to your peers, you’re flying blind.

So in order to understand whether you need to drive cybersecurity improvements across the organization, you have to consider whether you’re accepting too much risk in comparison to your peers and competitors.

Below, we’ll walk through the following:

• Why cybersecurity benchmarking is difficult for the modern CIO.
• Different methods of benchmarking you may be involved in (or want to consider).
• How Security Ratings may solve many benchmarking challenges.

WHY CYBERSECURITY BENCHMARKING IS A CHALLENGE FOR CIOS TODAY

YOUR JOB MAY BE ON THE LINE.

CIOs and CISOs are often the first on the chopping block when things go wrong in the cybersecurity space. So as the CIO, you want to know with certainty how your organization’s cybersecurity performance is doing so you can feel confident in your practices (and sleep better at night).

YOU HAVE TO KNOW THAT YOUR BENCHMARKING EFFORTS ARE EFFECTIVE.

For example, if you are gathering data on the best practices of your peers and competitors, simply knowing that many of them have a cybersecurity training program for employees isn’t enough. As the CIO, you have to know whether or not this training program actually works. In other words, gathering qualitative information without any hard and fast metrics to back it up is useless.

ACCURACY IN BENCHMARKING IS CRITICAL.

One of the most famous pieces of advice in cybersecurity is the oft-quoted “trust, but verify.” If you or your consultant gather data through interviews and discussion with peers and competitors, you may not have any way to verify that the information you’ve been given is accurate. Your employees, consultants, and peers are only human and are prone to misinformation, misinterpretation, and error.

YOU HAVE TO BE ABLE TO CLEARLY COMMUNICATE CYBERSECURITY EFFECTIVENESS TO THE BOARD.

Ten to 15 years ago, cybersecurity was an afterthought—and certainly wasn’t a critical issue in the boardroom. Today, this has changed dramatically. Boards today expect good cybersecurity hygiene and need to be updated on the status of a cybersecurity program regularly. Your board will expect you to discuss a number of cybersecurity metrics, which are often divided into two categories:

• Audit and compliance metrics: These deal with legal or fiduciary requirements like “Are we ISO-27001-compliant?” and “Do we have any outstanding high-risk findings open from our last audit or assessment?”
• Operational effectiveness metrics: These are quantitative metrics—backed with actionable data—that take a deep dive into the state of your cybersecurity program. Operational metrics are backed with actionable data. For example, “How quickly can we (or our vendors) identify and respond to incidents?” And, “How did we compare to our peers across a certain time span?” The latter question could be difficult to answer if you don’t have the right data—but with BitSight Security Ratings (which we’ll discuss later on in this guide) you can easily compare your performance to a number of your competitors’ over a period of time.

FORMAL VS. INFORMAL CYBERSECURITY BENCHMARKING

There are two traditional methods used for cybersecurity benchmarking: formal and informal. Both are used frequently in today’s business landscape and have a number of benefits and risks.

FORMAL BENCHMARKING

Formal benchmarking takes place when you gather data on your peers and competitors, analyze that data, and use it to form a benchmark. This service can take place in-house or through a consulting firm working on your behalf.

Benefits Of Formal Benchmarking

• Ideally, formal benchmarking allows you to get a comprehensive picture of your peers’ and competitors’ performance. You can compare what they’re doing in regard to cybersecurity to what your organization is doing so you can bear down in the areas that need more work.

Risks Of Formal Benchmarking

• Your analysis only gives insight for a particular point in time. Your peers and competitors are constantly changing—just as you are—and that change can bring about major differences in cybersecurity posture.
• Your analysis is subjective and may focus too heavily on feelings rather than data.
• Whether this is done in-house or with a consultant, this may be costly. It can get expensive quickly!
• Formal benchmarking is time-consuming. You must account for “the human element” and how long it may take those involved with the benchmarking to get contact information, set up meetings, and analyze and present the data.

INFORMAL BENCHMARKING

Informal benchmarking takes place in a more casual setting and doesn’t necessarily involve hard and fast data. For example, you may be a part of a CIO online forum or a group that meets monthly to discuss cybersecurity best practices.

Benefits Of Informal Benchmarking

• This process is significantly less time-consuming than formal benchmarking, so you can do it more frequently.
• Informal benchmarking is also much more cost effective. It’s a good starting point for younger companies that are just beginning the benchmarking process. It can also be a good supplement to formal benchmarking.

Risks Of Informal Benchmarking

• This method of cybersecurity benchmarking tends to be more subjective and qualitative. The takeaways may be helpful for the CIO in his day-to-day activity, but may not offer direct insights that can affect the organization as a whole.
• Some organizations won’t be interested in sharing their best cybersecurity practices, as those practices may be a part of their competitive advantage.
• Participants in these types of forums must consider antitrust issues and other legalities.

Informal benchmarking methods are helpful for the CIO in day-to-day activity, but don’t always offer direct, actionable insights.

DATA-DRIVEN BENCHMARKING WITH BITSIGHT

If you want a quantitative, objective view of your cybersecurity effectiveness compared to thousands of other organizations in your same sector, you need BitSight Security Ratings.

Security Ratings help you measure your performance and the performance of your peers over time by looking at externally accessible data and configurations on your network. This data does not require the permission of any company you examine and is updated daily. If there is a major change in your rating or the rating of a competitor, you’re alerted right away—so you can easily stay up-to-date on how you’re performing compared to your peers when it comes to certain metrics. When you combine Security Ratings with data you’re able to gather internally or through other formal and informal benchmarking activities, it gives you the easiest, most quantitative, cost-effective approach for cybersecurity. Using BitSight can help you with three critical areas of cybersecurity benchmarking:

IDENTIFY SECURITY ISSUES RIGHT WHEN THEY HAPPEN.

Using the BitSight platform, you can examine specific threats, infections, and security issues that are targeting your competitors and peers. This will give you the insight you need to prepare for this type of attack vector or harmful security issue.

REDUCE RISK IMMEDIATELY.

The Security Ratings platform is web-based, so you can get started with your data-based cybersecurity benchmarking in no time. The BitSight platform also makes it easy to integrate Security Ratings into your existing benchmarking tools and processes through CSV downloads, PDF reports, and an API.

COMMUNICATE PERFORMANCE TO THE BOARD EFFECTIVELY.

Security Ratings are set up like a consumer credit score, making them easy to understand. This gives you a simple and effective way to communicate benchmarking information in the boardroom.

DO YOU KNOW WHERE YOUR ORGANIZATION STANDS IN REGARD TO CYBERSECURITY?

Being able to properly harvest and digest cybersecurity benchmarking information is critical for today’s CIO. If you realize that your cybersecurity is not at the level it should be, evaluating it properly can help you raise appropriate resources to fix the issues. If you’re overperforming, you can rest assured that your cybersecurity policies are meeting the standard of care required. (And having a handle on where you’re at with cybersecurity performance will help you rest easier, as well!)

If you want to see how BitSight’s Security Rating platform can help you benchmark your cybersecurity performance (and the cybersecurity performance of your vendors), request a free demo today.

More Related Content

What's hot

Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
Information Technology Vendor Risk Management
Information Technology Vendor Risk ManagementInformation Technology Vendor Risk Management
Information Technology Vendor Risk ManagementDeepak Bansal, CPA CISSP
 
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementProtect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementDevOps.com
 
Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOnRamp
 
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...NJVC, LLC
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessAyham Kochaji
 
Security metrics
Security metrics Security metrics
Security metrics PRAYAGRAJ11
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsJack Nichelson
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationAjai Srivastava
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
Why does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programWhy does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programCharles Steve
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji JacobBeji Jacob
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Accounting_Whitepapers
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic SecurityChad Korosec
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slidesSteve Arnold
 
Data Sheet For Erg
Data Sheet For ErgData Sheet For Erg
Data Sheet For Ergmjschreck
 

What's hot (20)

Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic Management
 
Information Technology Vendor Risk Management
Information Technology Vendor Risk ManagementInformation Technology Vendor Risk Management
Information Technology Vendor Risk Management
 
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementProtect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
 
Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security Model
 
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
Health IT Cyber Security HIPAA Summit Presentation: Metrics and Continuous Mo...
 
Integrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-EffectivenessIntegrating-Cyber-Security-for-Increased-Effectiveness
Integrating-Cyber-Security-for-Increased-Effectiveness
 
Security metrics
Security metrics Security metrics
Security metrics
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security Metrics
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentation
 
CISO-Fundamentals
CISO-FundamentalsCISO-Fundamentals
CISO-Fundamentals
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaper
 
So you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessSo you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to Success
 
Why does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programWhy does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-program
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
 
Data Sheet For Erg
Data Sheet For ErgData Sheet For Erg
Data Sheet For Erg
 

Similar to How to measure your cybersecurity performance

Cybersecurity the new metrics
Cybersecurity the new metricsCybersecurity the new metrics
Cybersecurity the new metricsAbhishek Sood
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)Marie Peters
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJSherry Jones
 
Building a business case for expanding your AppSec Program
Building a business case for expanding your AppSec ProgramBuilding a business case for expanding your AppSec Program
Building a business case for expanding your AppSec ProgramNicolas Gohmert
 
What is an IANS CISO Workshop? Factor 6
What is an IANS CISO Workshop? Factor 6What is an IANS CISO Workshop? Factor 6
What is an IANS CISO Workshop? Factor 6IANS
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
Implementing business intelligence
Implementing business intelligenceImplementing business intelligence
Implementing business intelligenceAlistair Sergeant
 
Business Intelligence Productionization
Business Intelligence ProductionizationBusiness Intelligence Productionization
Business Intelligence ProductionizationDavid Moore
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolioKaloyan Krastev
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013Bee_Ware
 
What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2IANS
 
Tech Update Summary from Blue Mountain Data Systems June 2015
Tech Update Summary from Blue Mountain Data Systems June 2015Tech Update Summary from Blue Mountain Data Systems June 2015
Tech Update Summary from Blue Mountain Data Systems June 2015BMDS3416
 
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUHOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUNormShield
 

Similar to How to measure your cybersecurity performance (20)

Cybersecurity the new metrics
Cybersecurity the new metricsCybersecurity the new metrics
Cybersecurity the new metrics
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
 
Building a business case for expanding your AppSec Program
Building a business case for expanding your AppSec ProgramBuilding a business case for expanding your AppSec Program
Building a business case for expanding your AppSec Program
 
What is an IANS CISO Workshop? Factor 6
What is an IANS CISO Workshop? Factor 6What is an IANS CISO Workshop? Factor 6
What is an IANS CISO Workshop? Factor 6
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
What is CIS Benchmark
What is CIS BenchmarkWhat is CIS Benchmark
What is CIS Benchmark
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor upload
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chain
 
Implementing business intelligence
Implementing business intelligenceImplementing business intelligence
Implementing business intelligence
 
Business Intelligence Productionization
Business Intelligence ProductionizationBusiness Intelligence Productionization
Business Intelligence Productionization
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolio
 
Website Security Statistics Report 2013
Website Security Statistics Report 2013Website Security Statistics Report 2013
Website Security Statistics Report 2013
 
What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2What is an IANS CISO Workshop? Factor 2
What is an IANS CISO Workshop? Factor 2
 
Digital disruption – dive in to thrive
Digital disruption – dive in to thriveDigital disruption – dive in to thrive
Digital disruption – dive in to thrive
 
Tech Update Summary from Blue Mountain Data Systems June 2015
Tech Update Summary from Blue Mountain Data Systems June 2015Tech Update Summary from Blue Mountain Data Systems June 2015
Tech Update Summary from Blue Mountain Data Systems June 2015
 
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOUHOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
HOW TO MEASURE WHAT HACKERS KNOW ABOUT YOU
 

More from Abhishek Sood

The future of enterprise management
The future of enterprise management The future of enterprise management
The future of enterprise management Abhishek Sood
 
Gain new visibility in your DevOps team
 Gain new visibility in your DevOps team Gain new visibility in your DevOps team
Gain new visibility in your DevOps teamAbhishek Sood
 
Azure IaaS: Cost savings, new revenue opportunities, and business benefits
Azure IaaS: Cost savings, new revenue opportunities, and business benefits Azure IaaS: Cost savings, new revenue opportunities, and business benefits
Azure IaaS: Cost savings, new revenue opportunities, and business benefits Abhishek Sood
 
3-part approach to turning IoT data into business power
 3-part approach to turning IoT data into business power 3-part approach to turning IoT data into business power
3-part approach to turning IoT data into business powerAbhishek Sood
 
How a bad HR dept. can lose $9M
 How a bad HR dept. can lose $9M How a bad HR dept. can lose $9M
How a bad HR dept. can lose $9MAbhishek Sood
 
Big news coming for DevOps: What you need to know
 Big news coming for DevOps: What you need to know Big news coming for DevOps: What you need to know
Big news coming for DevOps: What you need to knowAbhishek Sood
 
Microservices best practices: Integration platforms, APIs, and more
 Microservices best practices: Integration platforms, APIs, and more Microservices best practices: Integration platforms, APIs, and more
Microservices best practices: Integration platforms, APIs, and moreAbhishek Sood
 
Why adopt more than one cloud service?
 Why adopt more than one cloud service? Why adopt more than one cloud service?
Why adopt more than one cloud service?Abhishek Sood
 
Cloud Application Security --Symantec
 Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --SymantecAbhishek Sood
 
How to integrate risk into your compliance-only approach
 How to integrate risk into your compliance-only approach How to integrate risk into your compliance-only approach
How to integrate risk into your compliance-only approachAbhishek Sood
 
DLP 101: Help identify and plug information leaks
 DLP 101: Help identify and plug information leaks DLP 101: Help identify and plug information leaks
DLP 101: Help identify and plug information leaksAbhishek Sood
 
IoT: 3 keys to handling the oncoming barrage of use cases
 IoT: 3 keys to handling the oncoming barrage of use cases IoT: 3 keys to handling the oncoming barrage of use cases
IoT: 3 keys to handling the oncoming barrage of use casesAbhishek Sood
 
How 3 trends are shaping analytics and data management
How 3 trends are shaping analytics and data management How 3 trends are shaping analytics and data management
How 3 trends are shaping analytics and data management Abhishek Sood
 
API-led connectivity: How to leverage reusable microservices
 API-led connectivity: How to leverage reusable microservices API-led connectivity: How to leverage reusable microservices
API-led connectivity: How to leverage reusable microservicesAbhishek Sood
 
How to create a secure high performance storage and compute infrastructure
 How to create a secure high performance storage and compute infrastructure How to create a secure high performance storage and compute infrastructure
How to create a secure high performance storage and compute infrastructureAbhishek Sood
 
Enterprise software usability and digital transformation
Enterprise software usability and digital transformationEnterprise software usability and digital transformation
Enterprise software usability and digital transformationAbhishek Sood
 
Transforming for digital customers across 6 key industries
 Transforming for digital customers across 6 key industries Transforming for digital customers across 6 key industries
Transforming for digital customers across 6 key industriesAbhishek Sood
 
Authentication best practices: Experts weigh in
Authentication best practices: Experts weigh inAuthentication best practices: Experts weigh in
Authentication best practices: Experts weigh inAbhishek Sood
 
Tips --Break Down the Barriers to Better Data Analytics
Tips --Break Down the Barriers to Better Data AnalyticsTips --Break Down the Barriers to Better Data Analytics
Tips --Break Down the Barriers to Better Data AnalyticsAbhishek Sood
 
Attivio discovery insight innovation --Whitepaper
Attivio discovery insight innovation --WhitepaperAttivio discovery insight innovation --Whitepaper
Attivio discovery insight innovation --WhitepaperAbhishek Sood
 

More from Abhishek Sood (20)

The future of enterprise management
The future of enterprise management The future of enterprise management
The future of enterprise management
 
Gain new visibility in your DevOps team
 Gain new visibility in your DevOps team Gain new visibility in your DevOps team
Gain new visibility in your DevOps team
 
Azure IaaS: Cost savings, new revenue opportunities, and business benefits
Azure IaaS: Cost savings, new revenue opportunities, and business benefits Azure IaaS: Cost savings, new revenue opportunities, and business benefits
Azure IaaS: Cost savings, new revenue opportunities, and business benefits
 
3-part approach to turning IoT data into business power
 3-part approach to turning IoT data into business power 3-part approach to turning IoT data into business power
3-part approach to turning IoT data into business power
 
How a bad HR dept. can lose $9M
 How a bad HR dept. can lose $9M How a bad HR dept. can lose $9M
How a bad HR dept. can lose $9M
 
Big news coming for DevOps: What you need to know
 Big news coming for DevOps: What you need to know Big news coming for DevOps: What you need to know
Big news coming for DevOps: What you need to know
 
Microservices best practices: Integration platforms, APIs, and more
 Microservices best practices: Integration platforms, APIs, and more Microservices best practices: Integration platforms, APIs, and more
How to measure your cybersecurity performance

  • 1. CYBERSECURITY BENCHMARKING A CIO’S GUIDE FOR REDUCING SECURITY ANXIETY
  • 2. INTRODUCTION In order for a business to be competitive, it must be continuously improving. This is something the modern chief information officer (CIO) knows all too well—and has likely lost some sleep over! But in order to build out the business structure and technical functionality that enables your organization to deliver products and services quickly and efficiently, you have to know how you’re doing compared to how your competitors and peers are doing. In other words, CIOs today must be highly effective at benchmarking. But as the CIO, you know you can’t outsource risk—and you have to consider the risk posed by every new business function in your organization. With constant technological advances in business today, cyber risk is one area that requires a great deal of thought from the CIO. If you don’t have a complete picture of your organization’s security performance compared to your peers, you’re flying blind. So in order to understand whether you need to drive cybersecurity improvements across the organization, you have to consider whether you’re accepting too much risk in comparison to your peers and competitors. Below, we’ll walk through the following: Why cybersecurity benchmarking is difficult for the modern CIO. Different methods of benchmarking you may be involved in (or want to consider). How Security Ratings may solve many benchmarking challenges.
  • 3. WHY CYBERSECURITY BENCHMARKING IS A CHALLENGE FOR CIOS TODAY YOUR JOB MAY BE ON THE LINE. CIOs and CISOs are often the first on the chopping block when things go wrong in the cybersecurity space. So as the CIO, you want to know with certainty how your organization’s cybersecurity performance is doing so you can feel confident in your practices (and sleep better at night). YOU HAVE TO KNOW THAT YOUR BENCHMARKING EFFORTS ARE EFFECTIVE. For example, if you are gathering data on the best practices of your peers and competitors, simply knowing that many of them have a cybersecurity training program for employees isn’t enough. As the CIO, you have to know whether or not this training program actually works. In other words, gathering qualitative information without any hard and fast metrics to back it up is useless. ACCURACY IN BENCHMARKING IS CRITICAL. One of the most famous pieces of advice in cybersecurity is the oft-quoted “trust, but verify.” If you or your consultant gather data through interviews and discussion with peers and competitors, you may not have any way to verify that the information you’ve been given is accurate. Your employees, consultants, and peers are only human and are prone to misinformation, misinterpretation, and error.
  • 4. WHY CYBERSECURITY BENCHMARKING IS A CHALLENGE FOR CIOS TODAY YOU HAVE TO BE ABLE TO CLEARLY COMMUNICATE CYBERSECURITY EFFECTIVENESS TO THE BOARD. Ten to 15 years ago, cybersecurity was an afterthought—and certainly wasn’t a critical issue in the boardroom. Today, this has changed dramatically. Boards today expect good cybersecurity hygiene and need to be updated on the status of a cybersecurity program regularly. Your board will expect you to discuss a number of cybersecurity metrics, which are often divided into two categories: Audit and compliance metrics: These deal with legal or fiduciary requirements like “Are we ISO-27001-compliant?” and “Do we have any outstanding high-risk findings open from our last audit or assessment?” Operational effectiveness metrics: These are quantitative metrics—backed with actionable data—that take a deep dive into the state of your cybersecurity program. Operational metrics are backed with actionable data. For example, “How quickly can we (or our vendors) identify and respond to incidents?” And, “How did we compare to our peers across a certain time span?” The latter question could be difficult to answer if you don’t have the right data—but with BitSight Security Ratings (which we’ll discuss later on in this guide) you can easily compare your performance to a number of your competitors’ over a period of time.
  • 5. FORMAL VS. INFORMAL CYBERSECURITY BENCHMARKING There are two traditional methods used for cybersecurity benchmarking: formal and informal. Both are used frequently in today’s business landscape and have a number of benefits and risks. FORMAL BENCHMARKING Formal benchmarking takes place when you gather data on your peers and competitors, analyze that data, and use it to form a benchmark. This service can take place in-house or through a consulting firm working on your behalf. Benefits Of Formal Benchmarking Ideally, formal benchmarking allows you to get a comprehensive picture of your peers’ and competitors’ performance. You can compare what they’re doing in regard to cybersecurity to what your organization is doing so you can bear down in the areas that need more work. Risks Of Formal Benchmarking Your analysis only gives insight for a particular point in time. Your peers and competitors are constantly changing—just as you are—and that change can bring about major differences in cybersecurity posture. Your analysis is subjective and may focus too heavily on feelings rather than data. Whether this is done in-house or with a consultant, this may be costly. It can get expensive quickly! Formal benchmarking is time-consuming. You must account for “the human element” and how long it may take those involved with the benchmarking to get contact information, set up meetings, and analyze and present the data.
  • 6. INFORMAL BENCHMARKING Informal benchmarking takes place in a more casual setting and doesn’t necessarily involve hard and fast data. For example, you may be a part of a CIO online forum or a group that meets monthly to discuss cybersecurity best practices. Benefits Of Informal Benchmarking This process is significantly less time-consuming than formal benchmarking, so you can do it more frequently. Informal benchmarking is also much more cost effective. It’s a good starting point for younger companies that are just beginning the benchmarking process. It can also be a good supplement to formal benchmarking. ACTIONABLE RISK VECTORS CONFIGURATIONS TO CONSIDER Risks Of Informal Benchmarking This method of cybersecurity benchmarking tends to be more subjective and qualitative. The takeaways may be helpful for the CIO in his day-to-day activity, but may not offer direct insights that can affect the organization as a whole. Some organizations won’t be interested in sharing their best cybersecurity practices, as those practices may be a part of their competitive advantage. Participants in these types of forums must consider antitrust issues and other legalities. Informal benchmarking methods are helpful for the CIO in day-to-day activity, but don’t always offer direct, actionable insights.
  • 7. DATA-DRIVEN BENCHMARKING WITH BITSIGHT Security Ratings help you measure your performance and the performance of your peers over time by looking at externally accessible data and configurations on your network. This data does not require the permission of any company you examine and is updated daily. If there is a major change in your rating or the rating of a competitor, you’re alerted right away—so you can easily stay up-to-date on how you’re performing compared to your peers when it comes to certain metrics. When you combine Security Ratings with data you’re able to gather internally or through other formal and informal benchmarking activities, it gives you the easiest, most quantitative, cost-effective approach for cybersecurity. If you want a quantitative, objective view of your cybersecurity effectiveness compared to thousands of other organizations in your same sector, you need BitSight Security Ratings. Using BitSight can help you with three critical areas of cybersecurity benchmarking:
  • 8. IDENTIFY SECURITY ISSUES RIGHT WHEN THEY HAPPEN. Using the BitSight platform, you can examine specific threats, infections, and security issues that are targeting your competitors and peers. This will give you the insight you need to prepare for this type of attack vector or harmful security issue. REDUCE RISK IMMEDIATELY. The Security Ratings platform is web-based, so you can get started with your data-based cybersecurity benchmarking in no time. The BitSight platform also makes it easy to integrate Security Ratings into your existing benchmarking tools and processes through CSV downloads, PDF reports, and an API. COMMUNICATE PERFORMANCE TO THE BOARD EFFECTIVELY. Security Ratings are set up like a consumer credit score, making them easy to understand. This gives you a simple and effective way to communicate benchmarking information in the boardroom.
  • 9. DO YOU KNOW WHERE YOUR ORGANIZATION STANDS IN REGARD TO CYBERSECURITY? Being able to properly harvest and digest cybersecurity benchmarking information is critical for today’s CIO. If you realize that your cybersecurity is not at the level it should be, evaluating it properly can help you raise appropriate resources to fix the issues. If you’re overperforming, you can rest assured that your cybersecurity policies are meeting the standard of care required. (And having a handle on where you’re at with cybersecurity performance will help you rest easier, as well!) If you want to see how BitSight’s Security Rating platform can help you benchmark your cybersecurity performance (and the cybersecurity performance of your vendors), request a free demo today. REQUEST FREE DEMO