In a fast-changing world, stopping to assess your success isn’t really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to constantly improving so as to not to get caught behind the times and therefore exposed.

How to Make Sure You’ve Got the Momentum You Need

I’d like to propose that you keep a close eye on your “speed of security” and set your sec-ops team up to be Olympic-quality security athletes who are able to run faster and longer than the competition.

If you want to win the race against the bad guys, however, you’ll need to make sure your security program includes plenty of watching the stopwatch so that you know you’re always on the right track and making the right adjustments to your regime in order to keep on winning.

Let’s have a look at four example measures you can start with.

Time to Patch

In your vulnerability management program, Time to Patch, the measurement from when a vulnerability is first discovered through to the time it’s ultimately resolved, is a key measurement. This statistic seems like “common sense” to many. But reporting on this stat requires some planning about how to best present an accurate picture of your security activities.

For example, you’ll want to consider how to best evaluate this data when a project results in a large number of new devices getting added to your network. This increases the surface area for vulnerabilities, which can take away vital time from your team who may already be working to patch older vulnerabilities that remain on the estate. You will also want to consider how you can report on exceptions for long-outstanding vulnerabilities where applying a security fix can’t happen due (Read more...)