For well over a decade, CEOs have been relegating the operational, legal, reputational and competitive risks associated with cybersecurity to those responsible for Information Technology.
Cybersecurity is the unsung linchpin of every company that has grown increasingly dependent upon vulnerable technologies, whether to communicate, to store sensitive data, or to manufacture and deliver its products and services.
The Chief Information Security Officer (CISO) not only protects IT systems with special hardware, software and secure business processes, but he or she also creates, implements and communicates the organization’s digital information security policies and procedures.
Learn how to change the game of security with better statistics
November 5, 2013
Leveraging metrics and statistics can lead to a stronger security program, just as they led to a better baseball team for the Oakland Athletics in “Moneyball.” So how can these metrics protect your enterprise from a Risk-Nado?
A survey by Tripwire, Inc., and the Ponemon Institute reveals that while 75 percent of respondents say metrics are ‘important’ or ‘very important’ to a risk-based security program, 53 percent don’t believe or are unsure that the metrics used in their organizations are properly aligned with business objectives.
Risk intelligence is one of the most important of the core elements which must be established when building a successful and effective enterprise risk management program.
Risk intelligence is the final and probably one of the most important of the core elements which must be established when building a successful and effective enterprise risk management program.
Using metrics provides a quantifiable way to measure the effectiveness of security programs and processes. As the popularity of metrics has increased over the past few years, so have the number and type of metrics that are used to evaluate efficiencies. However, without proper vetting, metrics may not effectively evaluate the process or program that is being measured.
When’s the last time you reviewed the services that your security integrator is offering? If it’s been more than a year, or perhaps even a few months, I’m certain that you’ll find that there are more choices and greater flexibility in the deployment of those choices.
Performance metrics are “critically important” to business leaders, says Greg Niehaus, Professor of Finance and Insurance for the Moore School of Business, University of South Carolina. “In my view it’s very important for business functions to have metrics that tie back to the objectives of the organization – that measure the impact on value and value creation.” If a function fails to develop and effectively communicate performance metrics, says Niehaus, “their contributions to the organization will likely be not appreciated, which, in down times, could lead to cutting of responsibilities or jobs and hurting the value of the organization.”