December 19, 2023 at 07:26PM
Expel released the report “Frameworks, Tools and Techniques: The Journey to Operational Security Effectiveness and Maturity” by the SANS Institute. The majority of respondents prefer the NIST CSF framework. Results also indicate a lag in training and cyber-readiness exercises. The report provides insights on SOC practices, metrics, and security program maturity. For more information, visit Expel.com.
Based on the meeting notes, the key takeaways are as follows:
1. The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) is the most preferred cybersecurity framework among survey respondents.
2. The majority of organizations are using metrics to assess and improve security, with the top three metrics collected and measured being security incidents, vulnerability assessments, and intrusion attempts.
3. There is a gap in the presence of formal IT/security training programs, as more than 40% of respondents reported not having such programs in place.
4. Cyber-readiness exercises are not being performed routinely by over 30% of respondents, and there is room for improvement in terms of preventative measures.
5. The SANS Institute conducted a comprehensive online survey of IT and cybersecurity professionals from private and public-sector organizations across industries and geographies between August 2023 and September 2023.
I hope that provides a clear summary of the meeting notes. Let me know if you need any further information.