Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

It's time to focus on the "P" in cybersecurity performance management.

Shirley Salzman, CEO and Co-Founder of SeeMetrics

September 21, 2023

3 Min Read
Socrates statue at Academy of Athens, Greece
Source: Ael via Alamy Stock Photo

Question: What does the "P" in cybersecurity performance management mean? How do we measure performance?

Shirley Salzman, CEO and co-founder at SeeMetrics: Attributed to Greek philosopher Socrates, the aphorism "know thyself" reminds us that to comprehend the world around us, we must first understand ourselves. Similarly, in cybersecurity a crucial first step to assessing is knowing ourselves — understanding not only our capabilities, but how effectively we're applying them.

In theory, the cybersecurity performance management (CPM) model offers security leadership a simple way to know themselves, as well as to communicate and collaborate with peers and executives in a complex, siloed ecosystem.

In practice, there's a hitch. How can a CISO create a streamlined performance narrative without a single source of truth? CISOs need to rely on a complex web of narratives made up of disparate metrics, different contexts, and no single standard for measuring performance.

This makes getting answers to key questions nearly impossible: How are my security programs performing? How prepared are we for threats? Performance should be derived from a uniform set of measurements, metrics, and KPIs. Yet, currently, these simply don't exist.

And this is what Socrates has to do with CPM. The "P" in CPM has become a central tenet in the CISO's "know thyself" ethos, transforming CPM into a part of the day-to-day management toolkit — because knowing is the first step to not only communicating, but also managing.

Breaking Down the P in CPM

In the spirit of "know thyself," let's break down "performance." What do CISOs need to know? Performance comprises four key areas:

  1. Security programs: Enterprise security organizations manage multiple and diverse security programs. To measure the performance of each program, CISOs need to evaluate a range of metrics and KPIs that encompass people, technology, and processes. Yet within each program, a given metric is likely to have different characteristics.

  2. Threat assessment: CISOs need to measure their threat readiness by assessing the likelihood and potential damage of specific threats. In order to assess a threat, they need to define the measurements relevant for the threat vector, correlate data from various security programs, and ultimately evaluate readiness. Yet we still lack a uniform standard for measuring readiness.

  3. Control effectiveness: Security organizations have dozens of security products that provide hundreds of controls. Until recently, CISOs needed to just "check the box," confirming that they had controls in place. Today they are expected to know how exactly controls were deployed and configured, not to mention their specific impact on overall performance.

  4. Customization: Security leaders need the flexibility to leverage measurements and metrics for a range of ad-hoc projects and policies. For example, if the organization is migrating from one endpoint detection and response (EDR) solution to another, it needs to know how to track progress without impeding team efforts. Or when onboarding a new vulnerabilities management team, it needs to know how to track the team's contribution.

Toward a Unified, Collaborative Security Organization

Security leaders need to leverage the P in CPM to build a more unified and collaborative security organization — sharing insights, defining more realistic goals, and tracking progress.

Just like Socrates urged us to know ourselves, it's time for security leaders to rethink the role of performance. It's no longer sufficient to report performance — it's time to leverage it for better management, too. By focusing on the P in CPM, security leaders can markedly enhance both cybersecurity operations and overall security performance.

About the Author(s)

Shirley Salzman

Shirley Salzman

CEO and Co-Founder of SeeMetrics

Shirley Salzman, CEO and co-founder of SeeMetrics, a Gartner-recognized cybersecurity performance management (CPM) platform that transforms the way security leaders measure, track, and improve stack performance. Unlike today's manual processes, SeeMetrics' cockpit-like dashboard instantly answers key questions around performance. Shirley brings over a decade of experience in commercial leadership (Percepto, Contguard, and Logic Industries). Prior to her high-tech career, Shirley worked for global policy and strategy firms such as the German Marshall Fund of the US and the Institute for Policy and Strategy at the Interdisciplinary Center, Herzliya, Israel. Shirley holds an MA with honors in International Security and Non-Proliferation from King's College, London.

See more from Shirley Salzman
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events
Latest Articles in The Edge
Read More The Edge