How to automate security metrics without upsetting your colleagues

Click for: original source

The need for greater automation in security metrics and measurement is clear to most people in our industry. Security teams have the luxury of access to an enormous amount of security data, giving insight into every aspect of their environments. By Nik Whitfield.

With greater use of automation, your metrics and measures become more accurate and effective at preventing control failures. It also makes organisations more efficient - our own research shows that security teams spend 54% of their time manually producing reports.

When we increase data quality through automation it brings accuracy and precision, and therefore confidence in our metrics and measures. Security teams become more efficient and can focus on activities that have the most business impact.

A smooth transition from distributed, siloed measurement to automated, centralised measurement relies on two factors: communication and strong stakeholder management. Everyone involved in metrics and reporting needs to understand the benefits of moving to a centralised philosophy for data and measurement. When metrics and measures are created by individuals or departments, they are restricted by the skills and data they have available.

It also produces outcomes that align to their own objectives and agenda, without necessarily taking into account the organisation’s strategic goals, consistent approaches to measurement or context available in other parts of the organisation. Good read!

[Read More]

Tags infosec management miscellaneous cio analytics