Building a proactive security posture using analytics

You can only manage what you can see. Many clients still manage their IT and cybersecurity environments without clear metrics or SLAs in place. Without data to understand and contextualise risks, trends, improvements, or issues, improving your security posture is an almost impossible task.

The right metrics and visibility can also greatly aid your goal of ensuring alignment and buy-in within your organisation, both up and down the chain of command. By showing those in an operational capacity what risks or business SLAs you’re trying to manage, you are more likely to achieve that buy-in and ensure the various teams understand what they need to do, but more importantly why they need to do it. For those in a more operational capacity, visibility through data and analysis thereof helps provide evidence for the work being done and improvements being made. It can help provide those in a more risk, compliance, and governance function, with a level of understanding about the challenges being faced in meeting the business requirements and targets. It provides a non-emotional common language for those who should be working towards the same goal – improving the security posture and reducing risk. Analytics can clearly show where something is not working, and changes need to be made.

Tracking and analysing data helps to identify issues before they occur but also helps provide an understanding of why they occurred if they were not proactively detected and thus ensure that any future such events are less likely to occur.

Establishing the right metrics and then putting in the analysis as to what the data means is key to ensuring your organisation is aligned and improving. The metrics that require tracking and analysis will and should change over time.

By partnering with experienced security partners, businesses can be guided as to what metrics should be tracked and analyzed to provide the improvements required. The right partners will identify issues and provide the ‘so-what’ analysis that comes with years of experience in the relevant security space. At Nclose we promote the notion that information must be presented in a way that tells a story and then we need to investigate and analyse to find out exactly what the story is that needs telling.

Organisations should:

  • Establish and agree on what needs to be tracked (Metrics)
  • Agree on why it needs to be tracked (Security/Business Value)
  • Set targets
  • Experiment with different metrics to track, being prepared to add and remove if there’s no value
  • Find a way to tell a story through analysis and why it matters to the business

Need to Mitigate a Cyber Risk?