How do you measure cybersecurity in your company?




Every organization wants the maximum benefit from its investment in its information security program. Therefore, it is important that we have complete control over our entire IT infrastructure. However, there is one problem: this is much easier said than done.

 

There are three critical questions that must be answered:

  • How to get better visibility into your assets and controls?
  • How to save resources?
  • How to have more confidence in your security data?

 

Measuring information security levels has been the subject of numerous studies over the last few years. Thanks to these studies, as well as conversations with experts from the cybersecurity industry, it has become clear that there are three main challenges when it comes to measuring cybersecurity.

 

These challenges revolve around three key themes: visibility, resources and trust.

 

Visibility is the key to quality security measurements

 

There is an increasing need for continuous visibility for security measurement.

 

Research done for the Security Leaders Peer Report shows that a lack of good insight into the system is what prevents organizations from improving their information security. The Forest Study shows a similar result: it states that organizations face two main challenges when it comes to security tools:

  • understanding gaps in control coverage,
  • creating a comprehensive list of assets.

 

 

David Fairman, an experienced CISO, adjunct cybersecurity professor and member of Panaseer’s advisory board, also emphasizes the importance of insight into IT infrastructure:

"The only way you can have true confidence in your overall security programme is to measure not only controls operating effectiveness, but also by measuring your controls coverage. I want to know where I have gaps. As security professionals, the things that get you in trouble are the things you don’t know about."

 

 

Measuring cybersecurity consumes your resources

 

 

Measuring information security wastes your valuable time and other resources. This shortcoming is especially evident when we take into account the lack of security professionals. The Security Metrics Report reveals that time is the second biggest problem when creating security metrics. The survey included more than 400 respondents, mostly security decision makers. This is not surprising given that 71% of organizations use internal solutions for measuring security and reporting. According to the Security Leaders Peer Report, 70% of organizations manually collect data for reporting, and as much as 36% of security teams' time goes to reporting.

 

Despite the wide variety of technologies available, companies rely on manual effort. Other studies have made the same findings: over 50% of companies spend days, weeks or months on quarterly reporting.

This is not a negligible amount of time, and it is spent on tasks that can be easily automated. Security teams could use the time spent on reporting in a far more productive way, focusing more on strategic goals.

 

 

Trust is a must when it comes to cybersecurity

 

 

Security leaders don’t trust the underlying data they’re using to report on security and compliance. This distrust in data has been present for years.

The Security Leaders Peer Report found that 89% of large enterprises have concerns based on lack of visibility and insight into trusted data. Data visibility is related to data trust: security data is either unavailable or out of date. However, it is up to security teams to collect and compare data to report on the overall security posture.

 

Many studies on the topic of challenges in measuring information security have shown similar results: one of the main challenges is always trust in data.

It is essential that you have confidence in the data you rely on when reporting. The solution to how to achieve this lies in consistency. The clearer your report, the more it will be trusted. In other words, it will be more reliable. Many information security managers agree that it is dangerous to rely on just one tool. In addition, it is important to find a way to reconcile data sources. Otherwise, different functions could search for the same information in different tools. This further leads to ‘paralysis through analysis’. So, you need to have one source of data that will respond to the needs of all stakeholders and that will provide the necessary consistency.

 

 

What is the solution?

 

 

Measuring the performance of individual components is important. However, measuring the overall ability of a system to detect, identify, respond, recover and protect itself from threats from the cyber world should be a basic goal when measuring information security. We mentioned three basic problems in security measurements: lack of visibility, resource wastage and lack of trust in the obtained data.

 

There is a way to solve all three problems at the same time: automation.

 

 

The importance of automation is reflected in two things:

1. Consistency and accuracy: users are confident in the validity of the data.

2. Reduction of operating costs: automating the entire security measurement process gets rid of the manual effort and reduces the necessary resources.

 

Every progressive organization wants to automate security measurement with technology such as Continuous Controls Monitoring (CCM).

 

Our partner company Panaseer is a pioneer in the category of platforms for continuous controls monitoring. CCM has successfully addressed these three problems that security professionals have been facing for years. Given the growing risks in the cyber environment and increasingly complex security systems, it is not difficult to predict the growing trend in the use of platforms such as CCM.

 

 

 

