Risk Management & Reporting

The difference between PIs and KPIs in cyber security

The difference between “performance indicators” (PIs) and “key performance indicators” (KPIs) seems obvious.  “Key” ones are more important, they are a subset of a larger (and longer) list.

In security, particularly in compliance-driven environments where the information security management system (ISMS) is aligned to a standard, there can be over a hundred controls that must be in place and (ideally) routinely audited, monitoring and reported on.

Read More

Getting the most from security measurement

One common challenge in security is in proving status reports or demonstrating progress against security KPIs – either ongoing operational ones or those that reflect continual improvement (for example, corresponding to a security improvement project).

Read More

Comparing Ways to Measure Security Control Effectiveness

There is a growing range of ways to provide security control metrics and assessments for businesses.  The intended audience of these solutions tends to be non-security people, for example senior board members (for enterprise security and the associated risks) and procurement or risk/compliance managers (for third party security risk exposures) who need an understanding of cyber risk and security control effectiveness to monitor performance, improvements or exceptions.

Read More

Are your Cyber Security Controls effective?

Various factors are converging to influence the need for better management of cyber security risk. Whether it’s to understand the effectiveness of security controls, isolate any weaknesses or to simply acknowledge cyber security as a corporate governance issue; the requirement for greater visibility of an organisation’s cyber security posture is a given.

Read More

Cyber Risk Management: The SOC Team Perspective

Organisations are being asked by regulators, partners, and other stakeholders to improve their cyber security risk management process. As cyber risk becomes recognised as a business risk both senior executives and operations security managers are seeking greater visibility of those risks and access to tools that will help mitigate them.

Read More

Cyber security readiness: An insurance industry view

Much has been written about the growing and increasing maturity of the cyber security insurance market.  There is also no shortage of (rather depressing) surveys of companies and breaches to give scale to the size of the cyber security problem.  In Australia the research done on past breaches by ACSC led directly to the formulation of the Essential 8 cyber mitigation strategies.

Read More

Cyber Risk Measurement – What Executives Need to Know

Whether as a result of increased governance at Board level or simply improved performance management practice, cyber risk measurement and management is now acknowledged as an important 360-degree risk mitigation strategy to support your corporate risk management responsibilities.

Read More
1 2 3