Getting to grips with realistic metrics
Security teams are regularly asked to provide figures for how many breaches they prevent every month across the perimeter and endpoints, but it’s difficult and misleading to give these figures. Unfortunately, these numbers aren’t representative of the genuine hard work of the team. It’s better instead to set metrics that can build trust, which might include details such as:
• Threat dwell time – The duration the adversary is in the system prior to discovery
• Patching and vulnerability – Time taken for the team to fix an issue or issue a security patch
• Checking the mean time to closure
• Documenting how many incidents the team has detected and resolved
• Measuring the results of newly integrated security products or initiatives, such as Multi-Factor Authentication or phishing awareness training.
Building a culture of cybersecurity
Responsibilities for cybersecurity extend way beyond the CISO, across the security team and to every IT user in the organisation, from executives to interns and even wider network stakeholders such as business partners. Therefore, CISOs must build a culture where all team members share the vision and goals of the programme and are clear on their individual role in company safeguarding. It’s most effective when this messaging comes from the top down.
It’s important to maintain continuous training while managing a new security initiative, especially when onboarding new employees. A risk assessment performed together with phishing exercises will keep security front of mind for employees.
Any organisation that operates in silos will face greater challenges in boosting security strength across the business. If each part of an organisation is interwoven with the others, with shared security goals, that organisation will always be working the hardest to protect its assets.
The CISO will be the biggest influence on company security behaviour and decisions. When workers are stuck in their ways, it can be a challenge, but tightening
42 www.intelligentciso.com