[Cybersecurity Architecture] KPI, Metrics & Dashboards

This post summarizes cybersecurity metrics suitable for board or risk committee reporting.

Why Metric Reporting?

  • Reporting leads to success
  • Provides the overall status of the cyber program and its impact on the enterprise
  • Supports effective allocation of funding and resources
  • Supports regulatory reporting requirements
  • Quantifies cyber resilience, leading to reduced customer and shareholder risk
  • Provides the context for budget increases
  • Addresses current and future threats
  • Conveys information to the board through metrics
  • Frames the program in terms of maturity, risk, and cost

Requirements

  • Must be actionable
  • Must have clarity:
    • Is the cyber program working?
    • Is the cyber program adequately funded?
    • Is the cyber program reducing customer and shareholder risk?

Common Goals

  • Literature review/survey: NIST, FFIEC, CIS, SOC, ISO
  • Reportable metrics, as identified in the literature review
  • Appropriateness for effective decision making

Cyber Metrics Development Process

  • Assess
  • Discuss
  • Research
  • Broader Discussion
  • Effective Cyber Metrics

Metric Examples

For the following common areas:

1. Cybersecurity training
2. Spam / phishing email management
3. Patch management
4. Antivirus / antispyware coverage
5. Incident management
6. Audit management
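The post names the six metric areas but does not show what a reportable figure for each looks like. The script below is an added example, not code from the original post: it computes one board-level KPI per area from constructed sample data and attaches a red/amber/green status. The metric definitions (completion rate, click rate, patch-SLA compliance, agent coverage, high-severity MTTR, finding closure rate), the 30-day SLA and the RAG thresholds are all assumptions chosen for illustration, not values the post prescribes.

```python
"""Board-level cyber KPIs over constructed sample data (added example, not part
of the original post). Metric definitions and thresholds are assumptions."""
from datetime import date, datetime

# --- constructed sample data: not real telemetry ---
TRAINING = [  # (employee_id, completed_annual_training)
    ("e1", True), ("e2", True), ("e3", False), ("e4", True), ("e5", False),
]
PHISHING_SIM = {"sent": 200, "clicked": 18, "reported": 64}
PATCH_SLA_DAYS = 30          # assumed SLA for critical patches
AS_OF = date(2024, 3, 31)    # reporting date
HOSTS = [  # (hostname, release date of oldest missing critical patch, av_agent_healthy)
    ("srv-01", None, True),
    ("srv-02", date(2024, 3, 20), True),
    ("srv-03", date(2024, 1, 15), False),
    ("wks-01", date(2024, 2, 10), True),
    ("wks-02", None, False),
]
INCIDENTS = [  # (severity, detected_at, resolved_at)
    ("high", datetime(2024, 3, 1, 9, 0), datetime(2024, 3, 1, 15, 0)),
    ("high", datetime(2024, 3, 10, 22, 0), datetime(2024, 3, 12, 10, 0)),
    ("low", datetime(2024, 3, 15, 8, 0), datetime(2024, 3, 15, 9, 0)),
]
AUDIT_FINDINGS = [  # (finding_id, closed)
    ("F-1", True), ("F-2", True), ("F-3", False), ("F-4", True),
]

def pct(numerator, denominator):
    """Percentage rounded to one decimal; 0.0 when there is nothing to measure."""
    return round(100.0 * numerator / denominator, 1) if denominator else 0.0

def training_completion_rate(records=TRAINING):
    return pct(sum(1 for _, done in records if done), len(records))

def phishing_click_rate(sim=PHISHING_SIM):
    return pct(sim["clicked"], sim["sent"])

def phishing_report_rate(sim=PHISHING_SIM):
    return pct(sim["reported"], sim["sent"])

def patch_sla_compliance(hosts=HOSTS, sla_days=PATCH_SLA_DAYS, as_of=AS_OF):
    """A host is compliant if no critical patch is missing beyond the SLA window."""
    compliant = sum(
        1 for _, oldest, _ in hosts
        if oldest is None or (as_of - oldest).days <= sla_days
    )
    return pct(compliant, len(hosts))

def av_coverage(hosts=HOSTS):
    return pct(sum(1 for _, _, healthy in hosts if healthy), len(hosts))

def incident_mttr_hours(incidents=INCIDENTS, severity="high"):
    """Mean time to resolve, detection to resolution, for one severity band."""
    durations = [
        (resolved - detected).total_seconds() / 3600
        for sev, detected, resolved in incidents if sev == severity
    ]
    return round(sum(durations) / len(durations), 1) if durations else 0.0

def audit_finding_closure_rate(findings=AUDIT_FINDINGS):
    return pct(sum(1 for _, closed in findings if closed), len(findings))

# Assumed thresholds: (green bound, amber bound, higher_is_better)
THRESHOLDS = {
    "training_completion_pct": (95, 85, True),
    "phishing_click_pct": (5, 10, False),
    "patch_sla_compliance_pct": (95, 90, True),
    "av_coverage_pct": (99, 95, True),
    "high_sev_mttr_hours": (8, 24, False),
    "audit_finding_closure_pct": (90, 75, True),
}

def rag_status(value, green, amber, higher_is_better):
    if higher_is_better:
        return "green" if value >= green else "amber" if value >= amber else "red"
    return "green" if value <= green else "amber" if value <= amber else "red"

def build_dashboard():
    """Return {metric: (value, status)} for the six areas listed in the post."""
    values = {
        "training_completion_pct": training_completion_rate(),
        "phishing_click_pct": phishing_click_rate(),
        "patch_sla_compliance_pct": patch_sla_compliance(),
        "av_coverage_pct": av_coverage(),
        "high_sev_mttr_hours": incident_mttr_hours(),
        "audit_finding_closure_pct": audit_finding_closure_rate(),
    }
    return {k: (v, rag_status(v, *THRESHOLDS[k])) for k, v in values.items()}

if __name__ == "__main__":
    for name, (value, status) in build_dashboard().items():
        print(f"{name:28} {value:>6}  {status}")
```

Each function takes its data as a parameter so the same definitions can be run over real exports; the RAG thresholds are what turn a raw number into the "is the program working / adequately funded" answer the post asks for, and they should be agreed with the risk committee rather than hard-coded as here.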

References

  • https://www.youtube.com/watch?v=xwMY5LGsutY
  • How to Plan for and Implement a Cybersecurity Strategy - https://www.youtube.com/watch?v=u-EQHbqWY60
  • Cybersecurity reference architecture - https://learn.microsoft.com/en-us/security/ciso-workshop/ciso-workshop-module-1?view=o365-worldwide
  • The Chief Information Security Officer (CISO) Workshop Training - https://learn.microsoft.com/en-us/security/ciso-workshop/the-ciso-workshop

Copyright notice:
Author: 玉兰
Link: https://www.techfm.club/p/40621.html
Source: TechFM
The article is copyrighted by its author; please do not reproduce it without permission.
