Effect positive change to security controls, like patching within SLAs and improving phishing email awareness

DATE: June 6, 2024
TIME: 2:00 PM EDT

CISOs strive to develop and use security metrics as an objective way to: (1) portray the state of their security programs; and (2) effect positive change to security controls, like patching within SLAs and improving phishing email awareness. However, they are challenged by data collection difficulties, limitations of reporting tools, and uncertainties about what metrics are relevant for different audiences (e.g., board, management, IT and security personnel).

During this month of CISO Stories, practitioners will share their experiences and challenges with implementing a cybersecurity metrics program. Guidance and tools developed by a cross-sector task force of CISOs are shared as well, highlighting:

- The Cybersecurity Collaborative Security Metrics Framework
- Criteria for an effective security metric
- Methods for metrics reporting and decision-making
- Guidance for initiating a metrics program
- Strategies for expanding the program
- Tools for collecting and reporting metrics
- The Cybersecurity Collaborative Security Metrics Workbook (working metrics examples)

Practitioners will also connect the dots on how such metrics should be used to continuously improve identity, application, cloud and network security, anti-ransomware efforts, zero trust, email security, threat intelligence, AI and third-party risk management.