Generative Data Intelligence

Cyber Security

What Does Socrates Have to Do With CPM?

Republished by Plato
Republished by Plato

Date:

Views: 10

Question: What does the “P” in cybersecurity performance management mean? How do we measure performance?

Shirley Salzman, CEO and co-founder at SeeMetrics: Attributed to Greek philosopher Socrates, the aphorism “know thyself” reminds us that to comprehend the world around us, we must first understand ourselves. Similarly, in cybersecurity a crucial first step to assessing is knowing ourselves — understanding not only our capabilities, but how effectively we’re applying them.

In theory, the cybersecurity performance management (CPM) model offers security leadership a simple way to know themselves, as well as to communicate and collaborate with peers and executives in a complex, siloed ecosystem.

In practice, there’s a hitch. How can a CISO create a streamlined performance narrative without a single source of truth? CISOs need to rely on a complex web of narratives made up of disparate metrics, different contexts, and no single standard for measuring performance.

This makes getting answers to key questions nearly impossible: How are my security programs performing? How prepared are we for threats? Performance should be derived from a uniform set of measurements, metrics, and KPIs. Yet, currently, these simply don’t exist.

And this is what Socrates has to do with CPM. The “P” in CPM has become a central tenet in the CISO’s “know thyself” ethos, transforming CPM into a part of the day-to-day management toolkit — because knowing is the first step to not only communicating, but also managing.

Breaking Down the P in CPM

In the spirit of “know thyself,” let’s break down “performance.” What do CISOs need to know? Performance comprises four key areas:

  1. Security programs: Enterprise security organizations manage multiple and diverse security programs. To measure the performance of each program, CISOs need to evaluate a range of metrics and KPIs that encompass people, technology, and processes. Yet within each program, a given metric is likely to have different characteristics.
  2. Threat assessment: CISOs need to measure their threat readiness by assessing the likelihood and potential damage of specific threats. In order to assess a threat, they need to define the measurements relevant for the threat vector, correlate data from various security programs, and ultimately evaluate readiness. Yet we still lack a uniform standard for measuring readiness.
  3. Control effectiveness: Security organizations have dozens of security products that provide hundreds of controls. Until recently, CISOs needed to just “check the box,” confirming that they had controls in place. Today they are expected to know how exactly controls were deployed and configured, not to mention their specific impact on overall performance.
  4. Customization: Security leaders need the flexibility to leverage measurements and metrics for a range of ad-hoc projects and policies. For example, if the organization is migrating from one endpoint detection and response (EDR) solution to another, it needs to know how to track progress without impeding team efforts. Or when onboarding a new vulnerabilities management team, it needs to know how to track the team’s contribution.

Toward a Unified, Collaborative Security Organization

Security leaders need to leverage the P in CPM to build a more unified and collaborative security organization — sharing insights, defining more realistic goals, and tracking progress.

Just like Socrates urged us to know ourselves, it’s time for security leaders to rethink the role of performance. It’s no longer sufficient to report performance — it’s time to leverage it for better management, too. By focusing on the P in CPM, security leaders can markedly enhance both cybersecurity operations and overall security performance.

spot_img

Latest Intelligence

spot_img

Copyright @ 2024 Plato Technologies Inc.

Chat with us

Hi there! How can I help you?