BENCHMARKING
A CIO'S GUIDE FOR REDUCING SECURITY ANXIETY
INTRODUCTION
In order for a business to be competitive, it must be continuously improving. This is something the modern chief information officer (CIO) knows all too well, and has likely lost some sleep over! But in order to build out the business structure and technical functionality that enables your organization to deliver products and services quickly and efficiently, you have to know how you're doing compared to how your competitors and peers are doing.
WHY CYBERSECURITY BENCHMARKING IS A CHALLENGE FOR CIOS TODAY
YOU HAVE TO BE ABLE TO CLEARLY COMMUNICATE CYBERSECURITY EFFECTIVENESS TO THE BOARD.

Ten to 15 years ago, cybersecurity was an afterthought, and certainly wasn't a critical issue in the boardroom. Today, this has changed dramatically. Boards today expect good cybersecurity hygiene and need to be updated on the status of a cybersecurity program regularly.

Your board will expect you to discuss a number of cybersecurity metrics, which are often divided into two categories:

Audit and compliance metrics: These deal with legal or fiduciary requirements like "Are we ISO-27001-compliant?" and "Do we have any outstanding high-risk findings open from our last audit or assessment?"

Operational effectiveness metrics: These are quantitative metrics, backed with actionable data, that take a deep dive into the state of your cybersecurity program. For example, "How quickly can we (or our vendors) identify and respond to incidents?" And, "How did we compare to our peers across a certain time span?" The latter question could be difficult to answer if you don't have the right data, but with BitSight Security Ratings (which we'll discuss later on in this guide) you can easily compare your performance to a number of your competitors over a period of time.
FORMAL VS. INFORMAL CYBERSECURITY BENCHMARKING

ACTIONABLE RISK VECTORS & CONFIGURATIONS TO CONSIDER
Informal benchmarking methods are helpful for the CIO in day-to-day activity, but don't always offer direct, actionable insights.
DATA-DRIVEN BENCHMARKING WITH BITSIGHT
If you want a quantitative, objective view of your cybersecurity effectiveness compared to thousands of other organizations in your same sector, you need BitSight Security Ratings.
IDENTIFY SECURITY ISSUES RIGHT WHEN THEY HAPPEN.

COMMUNICATE PERFORMANCE TO THE BOARD EFFECTIVELY.

DO YOU KNOW WHERE YOUR ORGANIZATION STANDS IN REGARD TO CYBERSECURITY?