What benchmarks do you consider most valuable for cybersecurity? Can you recommend any favorites you’ve found especially useful?
Global 3 x CISO (CISO) in Software, 9 months ago
Benchmarks can be challenging in cybersecurity. Recently, using an external 'scoring' vendor to benchmark external cybersecurity posture, coupled with internal vulnerability metrics, phishing awareness metrics, as well as a CMM (maturity model) alignment to NIST CSF, we were able to show trending of overall program effectiveness. It took some effort to initially explain and gain understanding from the executive team. It was the best we could do in the recent past.
CISO in Software, 9 months ago
Patching will always be #1 in my experience!
Benchmarks are generally useful but shouldn't be solely used for informing how 'well' a cyber security team is performing. Benchmarks should be used in conjunction with your organisation's risk appetite, an understanding of organisational culture and cyber risk quantification of high risk areas.