What benchmarks do you consider most valuable for cybersecurity? Can you recommend any favorites you’ve found especially useful?

Security & GRC KPIs, Metrics & Reporting

470 views3 Comments

Sort by:

CISO in Government9 months ago

Benchmarks are generally useful but shouldn't be solely used for informing how 'well' a cyber security team is performing. Benchmarks should be used in conjunction with your organisation's risk appetite, an understanding of organisational culture and cyber risk quantification of high risk areas.

Global 3 x CISO (CISO) in Software9 months ago

benchmarks can be challenging in cybersecurity, recently, using external 'scoring' vendor to benchmark external cybersecurity posture, coupled with internal vulnerability metrics, phishing awareness metrics, as well as a CMM (maturity model) alignment to NIST CSF, we were able to show trending of overall program effectiveness. It took some effort to initial explain and gain understanding from executive team. Was the best we could do in the recent past.

CISO in Software9 months ago

Patching will always be #1 in my experience!

Content you might like

Does your company offer international customers payment methods that are specific to their country or region? (i.e., SEPA, iDeal, Sofort, etc.)

Yes70%

No29%

Do you feel like your board of directors spends enough time discussing cyber, generally speaking?

Yes63%

No34%

I'm not sure2%

View Results

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

Our company deeply entered in the Microsoft world (EntraId, M365, Azure). Microsoft is publishing, in particular, a compliance dashboard and security dashboard. How are you using them and which kind of governance are you putting around them?

Any examples you can share of effective use cases for threat intelligence beyond cybersecurity? Have you had success applying threat intelligence beyond IT/cybersecurity to increase its ROI or better justify that investment?

What benchmarks do you consider most valuable for cybersecurity? Can you recommend any favorites you’ve found especially useful?

Sort by:

Content you might like

Does your company offer international customers payment methods that are specific to their country or region? (i.e., SEPA, iDeal, Sofort, etc.)

Do you feel like your board of directors spends enough time discussing cyber, generally speaking?

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

Our company deeply entered in the Microsoft world (EntraId, M365, Azure). Microsoft is publishing, in particular, a compliance dashboard and security dashboard. How are you using them and which kind of governance are you putting around them?

Any examples you can share of effective use cases for threat intelligence beyond cybersecurity? Have you had success applying threat intelligence beyond IT/cybersecurity to increase its ROI or better justify that investment?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go