01-23-20 - The Most Valuable Metric a CISO Can Deliver to the Board


This week's episode of Defense in Depth


Defense in Depth: Presenting to the Board

On this episode of Defense in Depth:

Co-host Allan Alford and our guest Barry Caplin, executive leadership partner, Gartner, discussed:

  • If you are going to show one metric, the most popular one is dwell time or the time between when an attack happens, when you discover it, and when it's remediated.

  • The single metric of dwell time says a lot about the maturity of a CISO's security program, because it directly reflects the program's ability to detect and respond to incidents.

  • A conversation with the board begins with a discussion of what risk is. But getting that information out of the board is far from a simple task. Vague answers are not helpful.

  • Metrics are of value to the board, but avoid offering up tactical metrics. Instead, utilize strategic metrics.

  • Once risk appetite is understood and agreed upon, then it's appropriate to begin a discussion of the security program's maturity.

  • Caplin recommends a four-slide presentation for the board:

    • Where we were, problem areas identified per risk and maturity.

    • What we spent and a bit of why we spent.

    • Where we are now (metrics come into play here). Best to show how much progress you've made in implementing security programs.

    • Where we want to go next, and what the next ask is.

  • If you're going to show a metric, it should answer a very specific question for the board.

  • Some CISOs aim for a storytelling approach that avoids metrics entirely, because metrics have unfortunately led boards down the wrong path: the wrong metrics, too detailed a metric, or metrics not tied to business risk or to a maturity model.
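The dwell-time metric discussed above breaks into two intervals: attack to discovery, and discovery to remediation. The following added example (not code from the podcast or its guests) rolls a set of constructed incident records into the handful of strategic numbers a board slide needs, and rejects records whose timestamps are out of order rather than silently reporting a negative dwell time.

```python
"""Dwell-time metrics from incident records (added example with constructed data)."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime
from math import ceil
from statistics import median

@dataclass(frozen=True)
class Incident:
    name: str
    compromised: datetime   # best estimate of when the attack happened
    detected: datetime      # when the team discovered it
    remediated: datetime    # when it was contained and remediated

def _hours(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds() / 3600

def dwell_times(inc: Incident) -> tuple[float, float, float]:
    """Return (time to detect, time to remediate, total dwell), all in hours."""
    if not inc.compromised <= inc.detected <= inc.remediated:
        raise ValueError(f"{inc.name}: timestamps are out of order")
    return (_hours(inc.compromised, inc.detected),
            _hours(inc.detected, inc.remediated),
            _hours(inc.compromised, inc.remediated))

def percentile(values: list[float], pct: float) -> float:
    """Nearest-rank percentile; adequate for a board-level summary."""
    ordered = sorted(values)
    rank = max(1, ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]

def summarize(incidents: list[Incident]) -> dict[str, float]:
    """Condense one reporting period's incidents into strategic, not tactical, numbers."""
    detect, remediate, total = zip(*(dwell_times(i) for i in incidents))
    return {
        "incidents": len(incidents),
        "median_detect_h": median(detect),
        "median_remediate_h": median(remediate),
        "median_dwell_h": median(total),
        "p90_dwell_h": percentile(list(total), 90),
        "worst_dwell_h": max(total),
    }

# Constructed sample records; the names and dates are hypothetical.
SAMPLE_INCIDENTS = [
    Incident("phish-01", datetime(2020, 1, 2), datetime(2020, 1, 5), datetime(2020, 1, 6)),
    Incident("malware-02", datetime(2020, 1, 10, 8), datetime(2020, 1, 10, 20), datetime(2020, 1, 11, 8)),
    Incident("webshell-03", datetime(2020, 1, 15), datetime(2020, 1, 25), datetime(2020, 1, 27)),
    Incident("creds-04", datetime(2020, 2, 1), datetime(2020, 2, 2), datetime(2020, 2, 2, 12)),
    Incident("insider-05", datetime(2020, 2, 10), datetime(2020, 2, 11, 6), datetime(2020, 2, 12, 6)),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_INCIDENTS).items():
        print(f"{key:>20}: {value}")
```

Tracking the median and p90 of total dwell per quarter gives the "where we were" versus "where we are now" comparison the four-slide format calls for.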

Special thanks to this week's Defense in Depth podcast sponsor, Anomali.

Anomali

Anomali is a leader in intelligence-driven cybersecurity solutions. Anomali turns threat data into actionable intelligence that drives effective security and risk decision making. Customers using Anomali identify cyber threats from all layers of the web, automate blocking across their security infrastructures, and detect and remediate any threats present in their networks. www.anomali.com 

Mike Wilson, CTO and Founder, Enzoic on the best kind of threat intel

RECORDING at Cybertech 2020 in Tel Aviv

If you haven't already registered for our live audience recording in Tel Aviv on Monday, January 27th, 2020, please do so. I will also be in Tel Aviv all week for Cybertech, and specifically on Wednesday, January 29th, 2020. If you see me roaming the halls with my orange "CISO/Security Vendor Relationship Series" microphone, please come up and say, "Hello." I may have a quick question to ask you on camera. But I'm also there on January 28th and 30th just trying to be a sponge and learn as much as I can from the Tel Aviv cybersecurity community.

Gary Hayslip, CISO, Softbank Investment Advisers on taking care of yourself before your employees

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.