What benchmarks do you consider most valuable for cybersecurity? Can you recommend any favorites you’ve found especially useful?

CISO in Government, 9 months ago

Benchmarks are generally useful but shouldn't be solely used for informing how 'well' a cyber security team is performing. Benchmarks should be used in conjunction with your organisation's risk appetite, an understanding of organisational culture and cyber risk quantification of high risk areas.

Global 3 x CISO (CISO) in Software, 9 months ago

Benchmarks can be challenging in cybersecurity. Recently, using an external 'scoring' vendor to benchmark external cybersecurity posture, coupled with internal vulnerability metrics, phishing awareness metrics, as well as a CMM (maturity model) alignment to NIST CSF, we were able to show trending of overall program effectiveness. It took some effort to initially explain and gain understanding from the executive team. Was the best we could do in the recent past.

CISO in Software, 9 months ago

Patching will always be #1 in my experience!
