Quantify Risk, Calculate ROI

Security practitioners must figure out how to achieve their security goals with the budgets they have. They also need to show that their security programs are effective at protecting their organizations. They must be able to justify the cybersecurity products and tools they have purchased and articulate the return on investment (ROI).

Now there’s a tool for that. SecurityScorecard released a content and ROI calculator to help security practitioners figure out high-level estimates to illustrate the organization’s overall security posture.

“At a time of economic uncertainty, strengthening cybersecurity postures must be a priority, as bad actors take advantage of volatility,” says Cindy Zhou, chief marketing officer at SecurityScorecard. “Organizations must be able to know and articulate if the cybersecurity products and tools they have purchased provide a sound ROI.”

Security teams should consider many different risk factors when thinking about what to buy for their security programs, Zhou says. The list includes network security, DNS health, patching cadence, endpoint security, IP reputation, application security, cubit score, hacker chatter, information leaks, social engineering, and knowledge of their digital supply chain.

Calculating Risk to Justify Spending

Quantifying cyber risk in financial terms allows organizations to understand the financial impact of a cyberattack, gain insight into the risks their vendors pose, and quantify the reduction in expected losses if issues are remediated. For example, a cybersecurity product may cost $200,000; however, it could defend against a $5 million data breach, saving the organization significant resources in the long run.

“CISOs must be able to quantify their business’ cyber-risk to justify the spend on their cybertech stack,” Zhou says.

Another key factor is the ability to obtain cyber-risk insurance and the premiums that come with it.

“Many insurers use SecurityScorecard to assess if a company is eligible for a policy,” she says. “CISOs and CFOs need to demonstrate their security posture just to be considered for a policy.”

The interactive calculator is based on data collected for Forrester Consulting’s Total Economic Impact of SecurityScorecard study. Forrester Consulting built a financial model using the Total Economic Impact formula.

As part of the study, the consultants quantified the effects of using SecurityScorecard in an enterprise, including increased efficiency in risk management, technology efficiency and consolidation, and an improved security posture. This approach measures not only costs and cost reductions within the organization but also weighs the value the technology enables by increasing the efficiency of overall business processes.

The ROI calculator extends SecurityScorecard’s Cyber Risk Quantification (CRQ) capabilities, which are designed to help customers understand cyber risk in financial terms as part of a comprehensive business risk analysis.

Getting Executive Buy-In

The C-suite and the board are used to focusing on the organization’s financial performance, so the CISO needs to be able to quantify cyber-risk in financial terms, says John Hellickson, field CISO at Coalfire. This way, the CISO can also justify and prioritize cyber investments.

This allows all stakeholders to make informed decisions about the financial impact and business outcomes of such investments.

“Justifying and accounting for the people, process, and technologies already in place ensures that current mitigating controls are considered in the overall risk calculations,” Hellickson says.

From Hellickson’s perspective, validating the comprehensiveness of the cybersecurity strategy, knowing the maturity and risk level of current investments, and estimating how future investments will improve that maturity and effectively manage that risk is key to gaining executive trust and support.

“Focusing spend on the assurance of not being breached just about went by the wayside when fear, uncertainty, and doubt tactics stopped working nearly a decade ago when year after year security investments continued to rise,” he adds.

Building a cyber program strategy that demonstrates positive business outcomes goes much further in the CISO’s ability to influence other executives.

For years, organizations have increased spend, especially application security spend, and they’ve still failed to achieve the kind of coverage of their application portfolio they desire, says John Steven, CTO of ThreatModeler.

“When organizations see this spend as unsustainable, let alone the requested rate of growth, security executives must demonstrate they’re not only getting stuff done, but getting more done for less than peer CISOs, or those that have come before them,” he says.

As common as breaches are across the industry, they are probably rare within a single organization, so “time since breach” should be a fairly sleepy indicator of activity and result, Steven adds.

“Focusing on delivery enablement or customer friction can be significantly more impactful,” he says.
