Tenable Using Security Metrics To Drive Action FOREWORD Today’s cybersecurity challenges are more complex than ever before. Technologies like Development Containers, Cloud, BYOD, and BYOA have greatly complicated the security team’s ability to understand all of the potential IT attack surface. And while you may have the budget dollars to invest in new cyber technologies, the size and workload of your security team is a key gating issue. The core foundation of a successful cybersecurity program requires that you understand all of the IT assets operating against your environment, both inside and outside of your network, identify and remediate vulnerabilities, and continuously assess and measure risk. Although organizations are investing more of their IT budget on cybersecurity technologies, high-impact breaches continue to make headlines. As a result, senior business executives and board members are asking security teams tough questions about the effectiveness of their security controls—and how they are measuring, getting control of, and reporting on cyber risk. At Tenable, we partnered with the team at Mighty Guides to ask senior security industry leaders the following questions: “Your CEO calls and asks, ‘How exposed are we, and how secure is our organization?’ What strategies and metrics do you use to answer?” We compiled their responses into this e-book–giving you useful insights from your peers on how they answer these tough questions–so that you can be prepared when asked yourself. While every organization is different and has its own unique challenges and constraints, CISOs must deliver answers that are metrics driven, benchmarked to industry best practices and standards, defensible and approximate reality. We hope you find this e-book useful in helping you develop and communicate security metrics in your own organization. And in follow-on parts of this series, we will share with you additional market research that we know you will find compelling and useful when communicating the effectiveness of your cybersecurity program to your C-suite and Boards. About Tenable Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable’s customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring. For more information, please visit tenable.com. Amit Yoran Chairman and Chief Executive Officer Sponsored by: 3 INTRODUCTION As the challenge of securing digital assets grows, the challenge of quantifying an organization’s security posture is also growing. This is due in part to the added layers of protection needed to secure IT infrastructures that have no perimeter, and the sheer quantities of data generated by new security technologies. It is further complicated, especially for global companies, by regional differences in security practices, standards, and regulatory environments. In order to better understand how security organizations operating in Europe and the Middle East use metrics to describe their security posture, we decided to ask them. With Tenable’s generous support, we posed this question to a number of security experts: Your CEO calls you in and asks ‘Just how secure are we?’ What strategies and metrics would you use to answer that question? For this e-book we spoke to a global audience, including people from Germany, France, the Middle East, and the UK. In these regions, security practices and regulatory environments are very mature. Yet politics often plays a role in which security frameworks can be used in certain countries. For example, a French company with global operations may use a US standard framework in its European operations, but it must adopt a different framework for its Middle East operations. Also, the risk landscape can vary considerably from one region to another, not only because of the nature of potential threats, but because of the varying costs of regulatory noncompliance. Any business with operations in EMEA will find value in the perspectives of these EMEA-based security experts. Mighty Guides make you stronger. These authoritative and diverse guides provide a full view of a topic. They help you explore, compare, and contrast a variety of viewpoints so that you can determine what will work best for you. Reading a Mighty Guide is kind of like having your own team of experts. Each heartfelt and sincere piece of advice in this guide sits right next to the contributor’s name, biography, and links so that you can learn more about their work. This background information gives you the proper context for each expert’s independent perspective. Credible advice from top experts helps you make strong decisions. Strong decisions make you mighty. All the best, David Rogelberg Publisher © 2017 Mighty Guides, Inc. I 62 Nassau Drive I Great Neck, NY 11021 I 516-360-2622 I www.mightyguides.com Sponsored by: 4 Please complete the form to gain access to this content Email * First name * Last Name * Access Now
FOREWORD Today’s cybersecurity challenges are more complex than ever before. Technologies like Development Containers, Cloud, BYOD, and BYOA have greatly complicated the security team’s ability to understand all of the potential IT attack surface. And while you may have the budget dollars to invest in new cyber technologies, the size and workload of your security team is a key gating issue. The core foundation of a successful cybersecurity program requires that you understand all of the IT assets operating against your environment, both inside and outside of your network, identify and remediate vulnerabilities, and continuously assess and measure risk. Although organizations are investing more of their IT budget on cybersecurity technologies, high-impact breaches continue to make headlines. As a result, senior business executives and board members are asking security teams tough questions about the effectiveness of their security controls—and how they are measuring, getting control of, and reporting on cyber risk. At Tenable, we partnered with the team at Mighty Guides to ask senior security industry leaders the following questions: “Your CEO calls and asks, ‘How exposed are we, and how secure is our organization?’ What strategies and metrics do you use to answer?” We compiled their responses into this e-book–giving you useful insights from your peers on how they answer these tough questions–so that you can be prepared when asked yourself. While every organization is different and has its own unique challenges and constraints, CISOs must deliver answers that are metrics driven, benchmarked to industry best practices and standards, defensible and approximate reality. We hope you find this e-book useful in helping you develop and communicate security metrics in your own organization. And in follow-on parts of this series, we will share with you additional market research that we know you will find compelling and useful when communicating the effectiveness of your cybersecurity program to your C-suite and Boards. About Tenable Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable’s customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring. For more information, please visit tenable.com. Amit Yoran Chairman and Chief Executive Officer Sponsored by: 3 INTRODUCTION As the challenge of securing digital assets grows, the challenge of quantifying an organization’s security posture is also growing. This is due in part to the added layers of protection needed to secure IT infrastructures that have no perimeter, and the sheer quantities of data generated by new security technologies. It is further complicated, especially for global companies, by regional differences in security practices, standards, and regulatory environments. In order to better understand how security organizations operating in Europe and the Middle East use metrics to describe their security posture, we decided to ask them. With Tenable’s generous support, we posed this question to a number of security experts: Your CEO calls you in and asks ‘Just how secure are we?’ What strategies and metrics would you use to answer that question? For this e-book we spoke to a global audience, including people from Germany, France, the Middle East, and the UK. In these regions, security practices and regulatory environments are very mature. Yet politics often plays a role in which security frameworks can be used in certain countries. For example, a French company with global operations may use a US standard framework in its European operations, but it must adopt a different framework for its Middle East operations. Also, the risk landscape can vary considerably from one region to another, not only because of the nature of potential threats, but because of the varying costs of regulatory noncompliance. Any business with operations in EMEA will find value in the perspectives of these EMEA-based security experts. Mighty Guides make you stronger. These authoritative and diverse guides provide a full view of a topic. They help you explore, compare, and contrast a variety of viewpoints so that you can determine what will work best for you. Reading a Mighty Guide is kind of like having your own team of experts. Each heartfelt and sincere piece of advice in this guide sits right next to the contributor’s name, biography, and links so that you can learn more about their work. This background information gives you the proper context for each expert’s independent perspective. Credible advice from top experts helps you make strong decisions. Strong decisions make you mighty. All the best, David Rogelberg Publisher © 2017 Mighty Guides, Inc. I 62 Nassau Drive I Great Neck, NY 11021 I 516-360-2622 I www.mightyguides.com Sponsored by: 4
Related Resources Tenable Vulnerability Intelligence Report Read more Tenable Cyber Defender Strategies: What Your Vulnerability... Read more Tenable Quantifying the Attacker's First-Mover Advantage Read more Tenable Cyber Exposure for Dummies Read more Tenable eBook_Mighty Guide_Reducing Cyber Exposure from Cl... Read more Tenable Tenable & IDG Whitepaper_Building a Secure Foundat... Read more Tenable Thirteen Essential Steps to Meeting the Security C... Read more Tenable 3 REASONS: Why DevOps is a Game-Changer for Securi... Read more Tenable Reducing Cyber Exposure from cloud to containers Read more Tenable ECONOMIC, OPERATIONAL & STRATEGIC BENEFITS OF SECU... Read more Tenable Five Steps to Building a Successful Vulnerability ... Read more Tenable 2017 Trends in Security Metrics and Security Assur... Read more Load more
© 2024 Infotech Crowd. All rights reserved. Privacy Policy Cookies Policy Advertise with us Back to top