Last updated at Mon, 24 Jul 2023 19:30:54 GMT

This year, new rules from the Securities and Exchange Commission (SEC) about board-level expertise, risk management, and public disclosures will take effect. The European Union is updating its regulations, as well. To meet these new requirements, organizations will need to explain to shareholders exactly how they assess cyber risk, describe security policies, and prove a significant level of board oversight.

In this climate, security leaders will be expected to advise the C-suite on SecOps activities. As a security professional, this can be a challenge. It’s also an opportunity to shape the structure and execution of business and go-to-market decisions.

Our latest ebook, Presenting Upward: How to Showcase SecOps Metrics That Matter, offers practical and actionable advice on how to present security metrics in a language execs understand.

About the metrics

Cybersecurity metrics are essential to understand where you’re succeeding and where you may need to make changes.

Some examples include:

Number and disposition of security incidents: You have no control over this, but it gives execs insight into the risk they face. There’s an attack every 39 seconds somewhere. What’s life like in your security operation?

Mean time-to-detection (MTTD): This metric gives insight into both efficacy of tools and coverage of data (is the detection coming from a reported incident vs. tools, etc.).

Mean time-to-response (MTTR): This also gives insight into your ability to respond and whether your tools and processes meet your threats and use cases.

Cost-per-incident: This gives you insight into efficiency of process, tools, and also potential staffing shortcomings (like the number of people or specific skills).

There are many other metrics you may need to track to understand your cybersecurity readiness. Good metrics will differ for every organization, depending on your risks, needs, compliance requirements, desired business outcomes, security maturity, and more.

Story + Metrics = Success

Generally speaking, executives don’t usually want to get too deep in the weeds. So, your ability to present metrics in a way they understand is critical to achieve cybersecurity goals.

Execs typically want answers to questions like:

  • What are our risks, and how are we addressing them?
  • How secure are we compared to similar organizations?
  • Are we budgeting the right amount for cybersecurity?
  • Where do we have opportunities for efficiencies or vendor consolidation?
  • How are we addressing that thing in the news?

So, when presenting to execs it’s essential to put metrics into context. One way to do this is to craft a narrative that brings metrics to life. Stories often have more of an impact than facts and figures alone. This isn’t anecdotal; neuroscience has shown that when we are presented with a story, we understand the information more deeply, remember it longer, and are more likely to factor what it taught us into future decisions.

For more tips on crafting an effective narrative, and much more, download Presenting Upward: How to Showcase SecOps Metrics That Matter now.