This document discusses strategies for data protection and cybersecurity. It advocates taking a strategic rather than tactical approach that is driven by business needs rather than vendors. It emphasizes the importance of understanding threats, vulnerabilities, and risks; developing comprehensive protection strategies; operationalizing security; and continuously evaluating and improving security measures. The overall message is that effective cybersecurity requires understanding the environment, threats, and business needs in order to develop and execute holistic, risk-based strategies.
What CIOs Need To Tell Their Boards About Cyber Security - Karyl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
Shaping Your Future in Banking Cybersecurity - Dawn Yankeelov
Designed for bankers, this cybersecurity policy presentation given via partnership with the BSG Financial Group explains where the industry should pay attention and what is next. It was presented on Jan. 24, 2017.
Do you know what brings cyber security risks to your organization? Are you ready to deal with cyber threats and the consequences of a cyber attack?
Find out what you should watch out for, no matter the size of your company!
Dealing with Information Security, Risk Management & Cyber Resilience - Donald Tabone
Information Security
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan - Tripwire
The new Payment Card Industry Data Security Standard version 3.0 is the global compliance standard for organizations processing credit card payments and it’s more security-centric than ever. Regardless of your PCI DSS compliance audit readiness, how will PCI 3.0 help protect against common cyber threats? How are cyber criminals able to routinely steal credit card and personal information, and what can you do now to protect your customer and transaction data?
Brian Honan (CISM, CGEIT, CRISC) is an information systems and cybersecurity specialist and a member of the Advisory Group on Internet Security to Europol’s Cyber Crime Centre (EC3) on breach investigations. Honan joins Joel Barnes (CISSP), Senior Systems Engineer for Tripwire, to share recent and likely breach scenarios that PCI compliant organizations face now.
You will learn:
• The top three things PCI compliant organizations overlook most frequently
• The most likely attack scenarios targeting PCI compliant organizations and how to protect against them
• How to prepare for the inevitable breach: building an effective breach response plan
Managing Enterprise Risk: Why U No Haz Metrics? - John D. Johnson
A panel with Alex Hutton, Jack Jones, Caroline Wong and David Mortman discussing measuring risk and the SMART use of metrics to quantify enterprise risk. RSA Conference 2013
Information Security Management System in the Banking Sector - Samvel Gevorgyan
Information Security Management System design. Information security governance approaches comparison. ISMS processes. ISMS implementation. The biggest threats in the Banking sector. The future of banking and payment systems. The challenges and future of banking. Cybersecurity solutions for Financial services.
Mobile Security: 5 Steps to Mobile Risk Management - DMIMarketing
Hundreds of companies, and the most demanding Federal agencies rely on DMI for Mobile Security services and solutions. And with more than 500,000 devices under management, we know how to do it right.
Now we’ve distilled 9 years of Mobile Security best practices into a white paper you can download. The paper lays out a smart, sensible approach to managing mobile risk without unnecessary cost and business disruption.
Please be our guest and check out the white paper. You’ll learn:
How to identify and protect against the threats that matter the most
What to do about “the hottest new technologies”
How to get the most protection for the least cost and disruption
The key differences and similarities between Mobile and traditional cybersecurity
- See more at: http://dminc.com/solutions/enterprise-mobility-services/mobilesecuritywp/#sthash.yTptNZRw.dpuf
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions - Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
The Benefits of Security From a Managed Services Provider - CSI Solutions
Today’s technology users—both consumers and bankers—who don’t stay informed on the latest in security can open themselves and others to attack.
View this SlideShare to learn what to look for in a solid managed security provider and how it can benefit your financial institution.
Security Framework for Digital Risk Management - Securestorm
A cyber security governance framework and digital risk management process for OFFICIAL environments in UK Government. A pragmatic and proportional information risk management process which can be used at speed, and is compatible with Agile projects. This is released under a Creative Commons; Attribution-Non Commercial-Share Alike 4.0 International License.
10 Steps to Better Security Incident Detection - Tripwire
* Why many organizations don’t successfully detect security breaches
* How to best use existing security information and event management and log management tools
* Other sources, including external ones, that can provide early indicators of a security breach
* How to maximize the security resources you already have
Watch the webcast here: http://www.tripwire.com/register/10-steps-to-better-security-incident-detection/
Businesses of all sizes are targeted by hackers to gain access to proprietary and customer data, threatening your ability to operate or even remain open for business.
Learn how to protect your business from threats and position it for growth.
The Cloud is both compelling and alluring, offering benefits that entice many organizations into rapid adoption. But caution should be taken. Leveraging cloud technologies can offer tremendous opportunities, with the caveat of potentially introducing new security problems and business risks. Presented are strategic recommendations for cloud adoption to a community of application and infrastructure developers.
The emails that you want are only the tip of the iceberg that you get.
Your Challenge
Within the email security gateway (ESG) marketplace, there are numerous vendors with varying options who all claim to be the perfect fit for your organization. It becomes challenging to sift through all the offerings and find the right one.
An ESG must serve a multitude of functions for the organization, as well as meet an array of requirements, all of which can be hard to accurately assess and include confidently.
IT security always struggles with costs. An email gateway can become expensive, but it is vital and thus needs to have a strong case made for implementation, improvement, or replacement scenarios.
Our Advice
Critical Insight
Cloud adoption among business functions is already high. Moving email to the cloud is just another step. Take this into consideration when selecting an ESG.
Advanced Persistent Threats (APTs) and Zero-Day attacks are changing the way organizations deal with threats. Recognize the need for greater visibility and tools that stay current with these developments.
Impact and Result
Understand developments within the ESG market to properly evaluate all capabilities and functions of an ESG.
Evaluate ESG vendors and products based on your enterprise requirements.
Determine which products are most appropriate for particular use cases and scenarios.
Building an effective Information Security Roadmap - Elliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy-in for multiple enterprise wide security projects.
A framework developed by The Security Artist to reduce cybercrime to within your risk appetite.
This was developed specifically to address the shortcomings of other frameworks such as ISO 27001; COBIT 5; and even the NIST cybersecurity framework.
Cyber risk tips for boards and executive teams - Wynyard Group
Craig Richardson, CEO of crime fighting software company Wynyard Group shares his recommendations for boards and executives on addressing cyber risks for their organisations.
This slide deck highlights the continued growth and evolution of Core Security Technologies and helps introduce an entirely new product for enterprise security testing and measurement - CORE INSIGHT Enterprise.
Partner with HARMAN Digital Transformation Solutions (DTS) to build products and solutions that address real customer needs in real-time, and accelerate business growth.
Presentation given in Argentina and Paraguay during March 2014.
In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It covers the problem of vulnerabilities in applications, the impact they have on organizations, and the means available to discover them early and make them easier to remediate.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
With cybercrime (like denial of service, malware, phishing, and SQL injection) looming large in our digitized world, penetration testing - and code and application level security testing (SAST and DAST) - are essential for organizations to identify security loopholes in applications and beyond. We provide a guide to the salient standards and techniques for full-spectrum testing to safeguard your data - and reputation.
5 STEP PROCESS TO MOBILE RISK MANAGEMENT
1/ Understand how employees want to use Mobile Devices and Applications
2/ Identify potential threats
3/ Define the impact to the business based on probable threat scenarios
4/ Develop policies and procedures to protect the business to an acceptable level
5/ Implement manageable procedural and technical controls, and monitor their effectiveness
Internet and technology are central to the processes of most modern businesses. With remote working on the rise, availing of Cyber Security Solutions in Europe has become all the more important for business continuity. Cyber security involves both protecting and recovering computer systems and data from potential cyber attacks. Companies of all types and sizes must be vigilant and proactive when it comes to their online safety. After all, cyber attacks can have huge consequences.
Cyber-attacks are an alarming threat to all types of businesses & organizations. The risk of a cyber-attack is not just a risk to your company but also to your privacy. Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Complicate, detect, respond: stopping cyber attacks with identity analytics - CA Technologies
Corporate boards and audit committees are taking a greater interest in cybersecurity and plans to mitigate related risks. Headline-grabbing data breaches are prevalent. Shareholders and oversight bodies are concerned about the potential impact to their organizations’ financial well-being and reputation.
Today, cyber adversaries are well-organized and well-funded, and they are more able to enter commercial and governmental organizations than ever before. No company has the capability and capacity to prevent all attacks. The only way to operate securely is to assume a breach has occurred, is occurring and will occur. This requires a “complicate, detect and respond” mindset when developing and automating controls.
For more information, please visit http://cainc.to/Nv2VOe
Top Solutions and Tools to Prevent Devastating Malware White Paper - NetIQ
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts.
3. The trouble is that criminals seem to be able to stay one step ahead, and the law-abiding have to spend too much time trying to catch up
– Nigel Phair, Cybercrime, The Reality of the Threat, page 178
StrategicCISO.com
4. Securing Endpoints?
Data wants to be free
What are your endpoints
Data classification
It’s what you don’t know you don’t know that gets you
Email
Business Processes
Data transfers
5. It’s in the cloud already
Google
Amazon Web Services
6. Security Trends – Current View
- CONFIDENTIAL -
Endpoint Suites
Network UTM
Application Security
Vulnerability Management
[Other Point Products]
Security Information and Event Management
• Alerts
• Log Mgt
• Event Correlation
• Compliance Certification
Governance Risk and Compliance
• User Policy Compliance
• Compliance Workflow and Reporting
• Remediation Workflow and Reporting
7. Scanning (web and/or network) products identify potential weaknesses
– Data overload including false positives/negatives – not most critical threats
– Does not prove exploitability, limited-view point solution, single vector
IT-GRC gathers information to aggregate and report
– Mostly used for higher-level policy and governance with little “R”
SIEM aggregates real data, dash-boarding, drill-down, etc.
– SIM/SEM correlates and presents what has happened (via alert), but doesn’t tell you if your defenses are working
– Operational data, not situational. Just incidents or log data from past events
Security Risk Mgmt is simulator/model
– Correlates scanned, imported and entered data to infer highest risk vulnerabilities, doesn’t do actual testing
– Network only and works on models vs. a real test of the security
DLP detects and prevents transmission of confidential information
To date, the critical challenge of how to provide insight into actual risks across multiple layers of infrastructure still remains!
8. Security – Future View
Endpoint Suites
Network UTM
Application Security
Vulnerability Management
IT Security Management
Vendors: IBM, HP, Cisco, Computer Associates, Symantec, McAfee
[Other Point Products]
Comprehensive Security Test and Measurement
• Verify and Validate Security Controls
• Measure Real-world Threat Readiness
• Measure Security Effectiveness
Security Information and Event Management
• Alerts
• Log Mgt
• Event Correlation
• Compliance Certification
Governance Risk and Compliance
• User Policy Compliance
• Compliance Workflow and Reporting
• Remediation Workflow and Reporting
9. Cyber Strategy Musings (WordPress)
The Key of Knowledge – Book 2
The second area of knowledge in this key is “Knowing your environment”.
By Extension – Know Your Strategy
Know your Strategy
11. What are your critical business assets?
Data / Asset Classification
You can’t protect everything
Focus on the most important assets
Key of Knowledge
13. Compliance Checklists are not enough
Network Solutions was PCI compliant before breach
Angela Moscaritolo, July 27, 2009
Web hosting firm Network Solutions on Friday announced that, despite its being PCI compliant, a breach had compromised approximately 573,928 individuals' credit card information.
http://www.scmagazineus.com/network-solutions-was-pci-compliant-before-breach/article/140642/
Evaluate your existing controls
14. Layered Security – The Castle Model
Evaluate your existing controls
15. The Symantec Global Internet Threat Report, which covers trends in 2009, says attackers are aggressively targeting employees' social networking profiles to help target key personnel inside targeted companies. Meanwhile, Web-based attacks targeting PDF views accounted for half of all Web-based attacks last year, up from 11 percent in 2008.
And malware creation increased thanks to more automated tools, according to Symantec, which says it identified more than 240 million new malware programs last year, a 100 percent increase over 2008
Understand the threat
Report: Targeted Attacks Evolve, New Malware Variants Spike By 100 Percent
New Symantec Global Internet Threat Report shows evolution of targeted attacks, prevalence of Web-borne attacks, increase in malware variants in 2009
Apr 20, 2010 By Kelly Jackson Higgins
DarkReading
http://www.darkreading.com/vulnerability_management/security/antivirus/showArticle.jhtml?articleID=224500064
17. U.S. government agencies have been bracing for a deluge of thousands more classified documents since the leak of helicopter cockpit video of a 2007 firefight in Baghdad. That was blamed on a U.S. Army intelligence analyst, Spc. Bradley Manning, 22, of Potomac, Md. He was charged with releasing classified information this month. Manning had bragged online that he downloaded 260,000 classified U.S. cables and transmitted them to Wikileaks.org.
Officials Scramble to Review Emerging Afghan War Documents for 'Damage'
Published July 26, 2010 | FoxNews.com
http://www.foxnews.com/politics/2010/07/26/damage-control-leak-afghan-war-docs/
Understand the Threat
18. Know your threat matrix
Understand the threat
19. Determine your organization's risk tolerance
Know your vulnerabilities
Understand how the threats apply
Develop your Risk Strategy
20. Compliance requirements
Protect your valuable data
Put systems in place that protect your data as it moves
Proactive intelligence on your environment
Discover your real vulnerabilities
Break the malware cycle
Develop your protection Strategy
22. Operationalize Security
Use Managed Services / Cloud Services where practicable
Use automated systems
Understand the overhead
24. Be an enabler of business
Connect to your Enterprise Risk Management
Show how it affects the bottom line
Understand your organization’s business need
25. Response and remediation
Robust Incident Response Plan
Response not react
Don’t merely remediate
Execute
26. Real time Protection
Find the barbarians that get past the gate
New Technologies
Execute
28. Col. John Boyd’s OODA Loop
Evaluate
29. Metrics
INCREASING CYBER-SITUATIONAL AWARENESS VIA ENTERPRISE METRICS
Core Security Technologies Blog
Today’s ferocious cybersecurity environment is dynamic. One of the challenges that organizations, both public and private sector, have encountered in attempting to mature their IT security and risk management plans has been a lack of methods to calculate truly relevant metrics that would allow for them to better understand and benchmark their security standing over time.
http://blog.coresecurity.com/2010/04/29/increasing-cyber-situational-awareness-via-enterprise-level-metrics/
Evaluate