From: Risk Management Monitor
by
Continuous monitoring on its own is great for the detection and remediation of security events that may lead to breaches. But when it comes to allowing us to measure and compare the effectiveness of our security programs, there are many ways that simply monitoring falls short. Most significantly, it does not allow us to answer the question of whether not we are more or less secure than we were yesterday, last week or last year.
This is a question that we all have grappled with in the security community, and more recently, in the board room. No matter how many new tools you install, settings you adjust, or events you remediate, there are few ways to objectively determine your security posture and that of your vendors and third parties. How do you know if the changes and decisions you have made have positively impacted your security posture if there is no way to measure your effectiveness over time?
Leave a Reply