Creating a Security Metrics Program: How to Measure Success - SANS ICS Security Summit 2019

Поделиться
HTML-код
  • Опубликовано: 16 июл 2019
  • Presenter: Jason Christopher, CTO, Axio Global, Inc.
    We’ve heard it all before: “Our team handles 500,000 cyber-attacks a day.” “Cyber threats are increasing.” “We track cybersecurity as a critical risk for our organization.” But what does any of that really mean? Creating measurements and metrics around cybersecurity is difficult, but so is building a sustainable metrics program, regardless of the subject matter. Early tasks, including measuring what is important and resource management, can be undermined by external pressures to tell a certain narrative or prove certain results. How can our industry create unbiased, yet compelling, metrics? What is the right-sized team or amount of resources for a metrics program? Is such a program sustainable? This presentation will cover not only the basics of cybersecurity metrics, but also lay the foundation for how s security team can create a new metrics program that goes beyond red/yellow/green or compliance. By moving to objective and repeatable metrics, utility security leaders will be able to not only justify programmatic improvements, but also track trends across environments and future projects. With research from the U.S. Department of Energy, the Electric Power Research Institute, and the National Institute of Standards and Technology, practitioners can build a defensible security metrics program across strategic, tactical, and operational levels of the utility.
    SANS Summit schedule: www.sans.org/u/DuS
    The annual ICS Security Summit brings together practitioners and leading experts to share ideas, methods, and techniques for defending control system environments. In-depth presentations and interactive panel discussions deliver real-world approaches that work and make a difference for the individuals fighting this fight every day.

Комментарии • 7

  • @allworld1357
    @allworld1357 Год назад +5

    For those looking for more specific examples. Consider the following Cyber Security Metrics:
    - Mean time to resolve (MTTR)
    - Mean time to Detect (MTTD)
    - Number of threats and attacks blocked (notes: a significant drop in threats blocked/reported could indicate that a security control has been misconfigured or is down. A dramatic uptick could indicate high numbers of false positives)
    - Team preparedness (Creating a skills tracking matrix and ensuring that team members are up to speed and can respond to threats. Also ensures that organization communication channels are open.)

  • @justaddjeff1988
    @justaddjeff1988 4 года назад +4

    This is brilliant! Exactly what I was looking for to get moving.

  • @vv_1927
    @vv_1927 2 года назад +1

    thanx Jason, the content and explanation is bang on as per my requirement

  • @jackieo7113
    @jackieo7113 Год назад +1

    I can't find the link to the 2017 YT vid he referenced! Anyone?

    • @KingFahad88
      @KingFahad88 Год назад

      ruclips.net/video/1LbPKxpSYLk/видео.html

Следующие
Автовоспроизведение
Vulnerability Management Metrics: Top 10 KPIs To Measure Success46:02Vulnerability Management Metrics: Top 10 KPIs To Measure Success
Vulnerability Management Metrics: Top 10 KPIs To Measure SuccessPurpleSec
Просмотров 2,4 тыс.
Building a Cybersecurity Program From the Ground Up35:21Building a Cybersecurity Program From the Ground Up
Building a Cybersecurity Program From the Ground UpSANS Institute
Просмотров 9 тыс.
Zero-Trust Networks: The Future Is Here - SANS Blue Team Summit 201949:39Zero-Trust Networks: The Future Is Here - SANS Blue Team Summit 2019
Zero-Trust Networks: The Future Is Here - SANS Blue Team Summit 2019SANS Institute
Просмотров 42 тыс.
TRASH or PASS! Eminem ( Houdini ) [REACTION!!!]10:15TRASH or PASS! Eminem ( Houdini ) [REACTION!!!]
TRASH or PASS! Eminem ( Houdini ) [REACTION!!!]LayedBakDFR
Просмотров 680 тыс.
Inside Air Force One During 9/1118:58Inside Air Force One During 9/11
Inside Air Force One During 9/11neo
Просмотров 1,4 млн
USWNT vs. Korea Republic | Highlights | June 4, 202403:49USWNT vs. Korea Republic | Highlights | June 4, 2024
USWNT vs. Korea Republic | Highlights | June 4, 2024U.S. Soccer
Просмотров 67 тыс.
MAKING MEXICAN PALETAS FOR THE FIRST TIME EVER ! *GONE RIGHT*19:04MAKING MEXICAN PALETAS FOR THE FIRST TIME EVER ! *GONE RIGHT*
MAKING MEXICAN PALETAS FOR THE FIRST TIME EVER ! *GONE RIGHT*Gerohan
Просмотров 88 тыс.
How to Tell the Right Cyber-Story to Executives and Board Members27:30How to Tell the Right Cyber-Story to Executives and Board Members
How to Tell the Right Cyber-Story to Executives and Board MembersRSA Conference
Просмотров 1,7 тыс.
How to Build Threat Hunting into Your Security Operations | Red Canary56:43How to Build Threat Hunting into Your Security Operations | Red Canary
How to Build Threat Hunting into Your Security Operations | Red CanaryRed Canary
Просмотров 23 тыс.
A CISO’s Guide to an Effective Cybersecurity Metrics Program1:00:51A CISO’s Guide to an Effective Cybersecurity Metrics Program
A CISO’s Guide to an Effective Cybersecurity Metrics ProgramCyber Risk Collaborative - A CRA Resource
Просмотров 3,4 тыс.
CSS2018LAS8: Incident Handling Process - SANS49:54CSS2018LAS8: Incident Handling Process - SANS
CSS2018LAS8: Incident Handling Process - SANSPublic Sector Partners, Inc
Просмотров 54 тыс.
World's Most Famous Hacker Kevin Mitnick & KnowBe4's Stu Sjouwerman Opening Keynote36:30World's Most Famous Hacker Kevin Mitnick & KnowBe4's Stu Sjouwerman Opening Keynote
World's Most Famous Hacker Kevin Mitnick & KnowBe4's Stu Sjouwerman Opening KeynoteCyber Investing Summit
Просмотров 1,6 млн
Leveraging IEC 62443 Security Level SL Requirements to Define IACS Cybersecurity Metrics57:01Leveraging IEC 62443 Security Level SL Requirements to Define IACS Cybersecurity Metrics
Leveraging IEC 62443 Security Level SL Requirements to Define IACS Cybersecurity Metricsexida
Просмотров 11 тыс.
The Cyber Skills Gap | Chris Silvers | TEDxElonUniversity18:47The Cyber Skills Gap | Chris Silvers | TEDxElonUniversity
The Cyber Skills Gap | Chris Silvers | TEDxElonUniversityTEDx Talks
Просмотров 116 тыс.
How to Present Cyber Security Risk to Senior Leadership | SANS Webcast59:58How to Present Cyber Security Risk to Senior Leadership | SANS Webcast
How to Present Cyber Security Risk to Senior Leadership | SANS WebcastSANS Institute
Просмотров 84 тыс.
CSS2017 Session 7 SANS Training - Incident Handling Process47:14CSS2017 Session 7 SANS Training - Incident Handling Process
CSS2017 Session 7 SANS Training - Incident Handling ProcessPublic Sector Partners, Inc
Просмотров 32 тыс.
Now You Can Cook Like Albert! Get a Copy of My CookBook 🔥#shorts #food #pizza00:41Now You Can Cook Like Albert! Get a Copy of My CookBook 🔥#shorts #food #pizza
Now You Can Cook Like Albert! Get a Copy of My CookBook 🔥#shorts #food #pizzaalbert_cancook
Просмотров 9 млн
Каха инструкция по шашлыку01:00Каха инструкция по шашлыку
Каха инструкция по шашлыкуК-Media
Просмотров 2 млн
Это новый МАЗ X - сделали!23:40Это новый МАЗ X — сделали!
Это новый МАЗ X - сделали!808
Просмотров 618 тыс.
Backstage 🤫 tutorial #elsarca #tiktok00:13Backstage 🤫 tutorial #elsarca #tiktok
Backstage 🤫 tutorial #elsarca #tiktokElsa Arca
Просмотров 4 млн
⁠@RoomFactoryy ​⁠КОРОЧЕ ГОВОРЯ, CS:GO В РЕАЛЬНОЙ ЖИЗНИ / КАРТА ЧЕРНОБЫЛЬ #roomfactory00:50⁠@RoomFactoryy ​⁠КОРОЧЕ ГОВОРЯ, CS:GO В РЕАЛЬНОЙ ЖИЗНИ / КАРТА ЧЕРНОБЫЛЬ #roomfactory
⁠@RoomFactoryy ​⁠КОРОЧЕ ГОВОРЯ, CS:GO В РЕАЛЬНОЙ ЖИЗНИ / КАРТА ЧЕРНОБЫЛЬ #roomfactoryКОРОЧЕ ГОВОРЯ.
Просмотров 297 тыс.
Привет, это Навальный. Концерт в день рождения Алексея. Noize MC, Каста, АИГЕЛ, Порнофильмы4:58:31Привет, это Навальный. Концерт в день рождения Алексея. Noize MC, Каста, АИГЕЛ, Порнофильмы
Привет, это Навальный. Концерт в день рождения Алексея. Noize MC, Каста, АИГЕЛ, ПорнофильмыНавальный LIVE
Просмотров 608 тыс.
МИЛОТА🥹00:11МИЛОТА🥹
МИЛОТА🥹Аслан Шукаша
Просмотров 928 тыс.
ЖДУЛИ | 2 СЕЗОН | 4 ВЫПУСК1:01:52ЖДУЛИ | 2 СЕЗОН | 4 ВЫПУСК
ЖДУЛИ | 2 СЕЗОН | 4 ВЫПУСКМама в 16
Просмотров 440 тыс.