Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

12:55 PM
Joan Goodchild
Joan Goodchild
Edge Articles

6 Unique InfoSec Metrics CISOs Should Track in 2020

You might not find these measurements on a standard cybersecurity department checklist. But they can help evaluate risks you haven't even considered yet.

(image by jamdesign, via Adobe Stock)
(image by jamdesign, via Adobe Stock)

Perceived Privileged Users Versus Actual Privileged Users

Aaron Turner, president and chief security officer of HighSide, says: "One metric that I've been working with some of our consulting customers on is the enumeration of privileged users and user groups and critical intellectual property."

For example, he says: "Let's say that an enterprise has a server with a large amount of intellectual property stored on it. Begin by enumerating all of the IT operations staff who have access to the server storing critical IP. Sometimes this becomes difficult in large-scale enterprise environments, especially where nested groups are used to allow different IT operations teams to have access to the server for operations and maintenance purposes."

The end result, says Turner, should be a clear understanding of who has access to critical IP assets, and how that needs to be modified for better protection going forward.

(Continued on next page)

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio
5 of 7
Print  | 
More Insights
Flash Poll