CyberSecurity Metrics Program

1
CyberSecurity Metrics

• Building a Holistic Metrics Program

2
Introduction
An organization's ability to discover and reduce
risk in a more preventative manner rests heavily
on having clear cybersecurity and security
operations metrics. Understanding the overall
security posture of your enterprise is determined
by creating a baseline of select organizational
and security operations metrics.
3
Establishing organizational and security
operations metrics improves management and
reduces company risk

4
How CyberSecurity Metrics Work
With baseline numbers established, you can then
begin to increase visibility, education, and
improvement to both technology and processes
within your program. Metrics should be garnered
from critical assets with risks and improvements
presented to key stakeholders within the
organization. These metrics help determine
where particular areas of a program are running
smoothly and where additional insight should be
applied.
5
Defining CyberSecurity Metrics
These are the areas where you should be building
metrics first. Ultimately, you're looking to
measure your ability to effectively and
proactively secure your company's most valuable
assets. Determining what information to collect
and how you'll gather and analyze this data is a
crucial step in your metrics journey. You'll also
want to gut-check your identified metrics with a
risk-based team, if available, to determine
prioritization of the remediation efforts when
those needs arise.
6
Baselines For Goal Settings
Creating baselines is what youll use to
determine the current cyberSecurity maturity of
your organization overall as well as your SOC.
Baselines also help you identify any outliers or
blatant concerns which require urgent attention.
By creating this foundation and setting standards
reflecting whats normal within your
organization, you create a basis for setting
goals and milestones.
7
How To Set An Effective Goal

• To set this as an effective goal, you would need
  to have already done the following
• Baseline the current state of your patching
  performance - what is the current time frame for
  new patches to be applied?
• Understand your organization's risk tolerance -
  how long are unpatched systems acceptable?
• Only by understanding these elements can you
  determine if a one-week patching window is
  actually a good, reasonable, achievable goal.

8
Strong CyberSecurity Metrics Program
The first step in building your enterprise
cybersecurity metrics and security operations
KPIs is setting clear direction as to what you're
collecting and why. Youll need true vision and
stakeholder buy-in on a defined path forward.
Throughout my career, I've seen groups attempt to
get stakeholder approval first - without having
a plan, vision and long-term strategy.
9
Analyze Improve Cybersecurity Metrics
The reports should be sent to stakeholders with a
clear representation of whats being measured,
its priority, what its baseline was and how its
changed over time. Producing these reports
requires analysis to get a full understanding of
the numbers have the ability to explain progress,
shortfalls and fluctuations. The ability to
automate incident response and remediation
processes can limit skewed metrics, streamline
reporting, improve predictability and allows for
better data hygiene when speaking with
stakeholders.
10
Conclusion
Metrics are an important part of your
cybersecurity and security operations programs
and being able to measure your progress shows how
well your security program is functioning. Having
key stakeholders brought to review your vision
and strategy will assist with getting other teams
to cooperate in your data collection. The more
you can automate metric collection as well as in
broader security automation processes, the
quicker you can respond and produce reports.