Are you measuring the value and effectiveness of your cybersecurity efforts? Most companies around the world are failing to do so, according to a recent security measurement index benchmark survey. Without establishing the proper metrics, you’re flying blind.
And even when organizations’ information security function does generate and deliver data about the business’ security, it typically never gets read.
“Many companies, while they’re making some effort in cybersecurity, they’re not looking at the effectiveness in terms of how it helps the business,” says Joseph Carson, chief security scientist at Thycotic, which created its Security Measurement Index (SMI) based on standards for security specified in ISO 27001 and best practices from industry experts and associations. “Many companies are not evaluating their risk versus their impact. They’re not looking at this from a business impact evaluation or perspective. They’re doing it to meet compliance and many of their security metrics were channeled toward that.”
To read this article in full or to leave a comment, please click here