Tracking metrics provides important insights, but if you’re not tracking the efficacy of your systems, you’re not getting the full picture. Without a full picture, data-driven decisions won’t be accurate, which could lead to problems.
Data without the context of visibility and efficacy tells an incomplete story. For example, say a report tells you that 26 new hires were successfully onboarded and have completed their initial training.
While that looks like good news, it doesn’t tell you anything about the effectiveness of the onboarding and training processes. It also doesn’t tell you if those new hires are engaging in risky behavior on your network, which could indicate the efficacy of your training program.
Knowing your processes are being completed isn’t as important as knowing they’re effective. Unfortunately, many CISOs are trained to look at metrics that don’t matter. As a general rule, all metrics can provide insight, but if they don’t help you make decisions they’re not useful.
Examples of security metrics that aren’t effective
The following metrics are commonly tracked, but won’t help you make decisions:
- Mean time metrics. You’re probably focused on reducing your “mean time to detect and respond” numbers. That’s great, but when this retrospective information lacks the context of visibility, it’s not going to help.
- Consumption metrics. These metrics, like events per second or alarms per day, tell a story. However, these metrics alone don’t account for the fluctuation of visibility that correlates with threats. They won’t help you with actionable decisions.
- Alarm open/closed ratio metrics. Knowing the alarm open and close rates won’t reveal your environment’s true state of security. It’s nice to know, but it’s not enough.
Take control of your IT security systems
Do you know with certainty that your IT security system is working? Running standard reports isn’t enough. You can’t judge how well your IT security systems are functioning without tracking visibility, performance, and efficacy.
Here are two ways you can take control of your IT security systems.
- Hire a CISM. A Certified Information Security Manager (CISM) is essential to every organization. CISMs are highly knowledgeable, and unlike holders of other security certifications, CISMs are trained to see business context within the realm of information security. A CISM will adapt your business practices to integrate with your IT security requirements, which plays a huge role in supporting team performance.
- Focus on visibility. If you don’t have visibility, you can’t protect your environment. You need to see everything, including:
  - What users access
  - The devices users use to access your system
  - Where and when users log into the system
Once you know what’s going on, you can choose where to allocate your resources to remedy and/or mitigate vulnerabilities. Deploying automated threat detection software will provide the required visibility and security.
Visibility is the key to stopping threats
A strong focus on visibility is required to identify and stop threats. According to SolarWinds research, 54% of federal government IT decision-makers cite careless and/or untrained insiders as the number one cyber threat to an organization.
When it comes to information security, tracking visibility, team performance, and efficacy is critical. There’s no room for error.