Every day businesses are forced to spend increasing amounts of precious management time and resources on cybersecurity as data breaches, threats and risks keep piling up. CIOs are asking senior management to spend more and more on risk assessment, incident management, consultants, specialized intrusion detection software and fancy, pricey network hardware.
Senior management is rightly asking: When will this investment end? How much is enough? Am I still at risk of a high-profile disaster, like Sony, occurring on my watch? CIOs can’t answer these questions meaningfully without some data from cybersecurity Key Performance Indicators (KPIs). However, CIOs struggle to identify, design, operate and report on meaningful KPIs.
Here’s a list of resources that will help you quickly define cybersecurity KPIs that are likely to be meaningful for your organization. These resources have been developed through the collaboration of many cybersecurity experts and practitioners. By using one of these resources you will have the assurance that your KPIs are reasonably comprehensive and that you don’t have glaring cybersecurity holes not covered by KPIs. The KPIs can be tracked and reported on easily.
A Taxonomy of Operational Cyber Security Risks Version 2
This Taxonomy of Operational Cyber Security Risks identifies and organizes the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements.
You can use this taxonomy to quickly identify KPIs that are meaningful to your organization. You can then regularly report KPI statuses to management within the four easy-to-understand classes.
View the original content and more from this author here: http://ift.tt/1IAJkXh