Measuring Cyber Security Success

The call for measuring cyber security success – the ability to provide information metrics about the posture of the network, which can be used to assess the level of threats, and to decide when to heighten security postures due to perceived risks. Often this can be a misunderstood philosophy based on paradigms of typical logistical measures. Cyber security is measured mostly in negatives. How the C-Suite and security managers must change the measurement of achieving cyber security success.

Traditional SOCs are measured on how many intrusions were caught in a given quarter or how many blocks the firewall can log. Through this daily regimen, analysts are implicitly taught that quantitative metrics collection by reactive analysis is the formula for success – success being measured by evidence of an incident detected and associate response time to remediate. Being proactive is a skill that takes time and effort where tangible wins are not easy to come by. They are harder to quantify because how do you measure the success of a non-intrusion? Consequently, from the perspectives of effectiveness and sustainability, a CND strategy must include both reactive and proactive approaches.