Performance Measurement and the Cyber Security Mindshift

Melissa Stevens | August 12, 2014 | tag: Security Risk Management

The other day, I received yet another email asking, "How much cyber security is enough?" You probably recognize this message, and see similar phrases on a regular basis. It's a really interesting question and something that a lot of people ponder, but more importantly, I think it signifies an important mind-shift that is starting to occur in the security space. We're starting to wonder, "When will it be enough? When will I be able to say I'm secure?" The quantification of security performance is now a reality.

Are the Answers in the Data?

Now, more and more teams are starting to look at security performance and optimization. Instead of focusing on the newer, better tools, they've started asking, "How well are we using what we have? Is the issue with our tools or our use of them? Are there areas we can be more effective?" The only way to know this is to measure the results.

This shift is a focus on security outcomes instead of the controls themselves. Performance monitoring has shown that it's not always new technologies that we need - it's the fine-tuning of tools we have in place and a bit of housecleaning that makes the real difference. As explained in a recent BitSight Insights report, some of the most common network vulnerabilities are caused by things like expired certificates, configuration errors and out-of-date patches. These issues are easy to fix, and just as easy to exploit, when you know the problems exist.

By monitoring performance and effectiveness on an ongoing basis, security teams are finally able to communicate with boards and executives in a language they can understand. Teams can show where performance has improved, where vulnerabilities exist, and how strategy and investments are impacting performance over time. They can make a true, metrics-driven case for new investments in personnel and technology resources. With security benchmarking, they can also show how performance compares across their industry and against other peers. This shifts the conversation from focusing on "what tools will make us more secure?" to "how secure are we now?"

To learn more about the necessity of security performance measurement and benchmarking, attend our August 14 webinar, featuring Jon Oltsik of the Enterprise Strategy Group and Stephen Boyer, BitSight CTO & Cofounder.
