Is your password policy working? Key cybersecurity KPIs to measure

July 30, 2024 at 10:22AM Organizations need to assess the effectiveness of their cybersecurity investments, including password policies. Aligning password policies with wider cybersecurity KPIs allows IT teams to measure the success or failure of their password security policies and identify areas needing improvement. Specops Password Auditor is a free tool for evaluating Active Directory’s …

Rethinking How You Work With Detection and Response Metrics

April 19, 2024 at 01:40PM The Black Hat Asia conference in Singapore discussed the challenge of distinguishing true security threats from false alarms. Allyn Stott emphasized the importance of metrics in assessing detection and response programs, driving improvements, and demonstrating risk reduction to the business. He advised using frameworks like MITRE ATT&CK, SANS Institute’s HMM, and …

MTTR: The Most Important Security Metric

February 29, 2024 at 10:01AM Security teams face increasing challenges with managing risk as code and cloud assets continue to sprawl, leading to a surge in vulnerabilities and longer remediation times. Mean time to remediate (MTTR) emerges as a crucial metric for gauging security success, requiring organizations to streamline vulnerability management and prioritize high-risk issues …

CISO Corner: CIO Convergence, 10 Critical Security Metrics, & Ivanti Fallout

February 16, 2024 at 07:12PM “CISO Corner” offers curated articles for security operations and leadership. It covers topics such as security metrics, convergence of CISO & CIO roles, FCC’s new breach reporting rules, budget trends in the Middle East & Africa, and concerns about Ivanti VPN vulnerabilities. For detailed information, visit Dark Reading’s website. From …

10 Security Metrics Categories CISOs Should Present to the Board

February 15, 2024 at 08:29AM Due to increased SEC regulations, companies are under pressure to enhance transparency and speed up breach disclosure in cybersecurity reporting. Boards are demanding more rigorous tracking of KPIs and KRIs, operational metrics, and asset and security performance indicators. The book, “The Cyber Savvy Boardroom,” co-authored by Homaira Akbari and Shamla …

SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity

December 19, 2023 at 07:26PM Expel released the report “Frameworks, Tools and Techniques: The Journey to Operational Security Effectiveness and Maturity” by the SANS Institute. The majority of respondents prefer the NIST CSF framework. Results also indicate a lag in training and cyber-readiness exercises. The report provides insights on SOC practices, metrics, and security program …

4 Metrics That Help CISOs Become Strategic Partners With the Board

December 7, 2023 at 10:07AM CISOs face challenges in communicating their strategic role to leadership and boards. Key to board presentations is summarizing information security’s protective role and using metrics to demonstrate impact on risk, growth, expenses, and people. Successful CISOs align with boards on risks, show ROI improvements, support revenue growth, and foster a …

FIRST Announces CVSS 4.0 – New Vulnerability Scoring System

November 2, 2023 at 05:30AM The Forum of Incident Response and Security Teams (FIRST) has announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard. This update aims to provide a more accurate assessment of vulnerabilities and introduces new metrics for assessment. It also emphasizes that CVSS should not be the sole …

The Cybersecurity Resilience Quotient: Measuring Security Effectiveness

October 25, 2023 at 09:21AM The Cybersecurity Resilience Quotient (CRQ) is a proposed industry-wide metric to assess and improve organizations’ cybersecurity resilience. It goes beyond traditional metrics by considering factors such as asset criticality, exposure, vulnerability, risk tolerance, architecture defensibility, business process vulnerabilities, and incident response preparedness. The CRQ can be used for benchmarking, risk …