Continual Improvement Is The Key To Optimum Cyber Security – CIO Applications

Eric Lovell, Senior Director, IT/Cyber Security Risk, Ally

From a risk perspective (with few exceptions), cyber security metrics aligned with the organization's information technology are top of mind for boards, end users, and every other stakeholder group.

I would hazard a guess that at any organization, cyber security metrics of some type are being collected, tracked, and communicated. Some organizations have robust, well-managed programs; others take a minimalist approach, tracking only a handful of items because leadership demands accountability for the basic things with direct and obvious business impact.

In regulated industries, such as financial services, there is an expectation that a firm's entire digital presence will be secure and well managed. For many firms, the identification, collection, tracking, and reporting of metrics is therefore not an ancillary process but a fundamental organizational capability with measurable value for all stakeholders.

In my experience, and as even a cursory review of industry-specific regulatory, academic, and authoritative cyber security standards and research products (such as those produced by the Center for Internet Security and the National Institute of Standards and Technology) confirms, a mature cyber risk management metrics program has the following characteristics:

1. Both retrospective and prospective/actionable

2. Comprehensive in scope but limited in number

3. Clear, concise, and of adequate frequency to provide the expected benefits

4. Authoritative, both internally and externally

The rest is here:
Continual Improvement Is The Key To Optimum Cyber Security - CIO Applications
