Penetration testers and vulnerability analysts do bad things for good reasons. These positions require thinking like a cybercriminal, hacking systems and breaching security, so that organizations can learn where their network weaknesses are and take measures to protect themselves against that exposure. Because of the various tasks and reporting that pen testers do (such as collecting data, deploying testing methodology, locating and managing vulnerabilities, and reviewing physical security), project management knowledge is a desirable qualification.
Feeling good about cybersecurity or understanding the issues involved is hard to measure, but tracking progress should not be. Using metrics for cybersecurity is a relatively new concept. In the past, most companies would claim success if there were no security breaches (that they knew about). But in today’s environment, a security breach can go months without being detected, causing damage the whole time.
IT pros can take the lead on building consensus around the metrics that matter for the organization and reporting on progress to help justify any investments being made.
Some commonly used metrics include the following:
Number of successful security audits
Percentage of employees who have been through security training
List of systems that have had a formal risk assessment
Most companies are trying to break down silos and build a collaborative environment for discussing technology. In this environment, the business units can describe goals and timeframes, and IT can describe tradeoffs and possibilities. This strategic approach is in its early stages, and coming to agreement on risk tolerance and cybersecurity actions will be a major ingredient in moving the discussion forward.