Having security metrics in place is an instrumental step towards building a solid foundation for sustainable success. However, organizations need to continually focus on building upon the foundation, which often requires fine-tuning the approach to ensure ongoing compliance. This is especially true when dealing with multiple business units.
Keeping everyone on the same page can be a constant struggle, whether you operate as one organization with various departments or as a holding company responsible for multiple autonomous companies. If one member of the group suffers a breach, the whole company suffers. Simply put, everyone involved needs to be held accountable.
Keep It Simple
The key to success is to keep it simple by focusing on just a few key security indicators. For instance, show how well each unit complies with the company's policy to patch critical vulnerabilities within four days, high-severity vulnerabilities within 10 days, and medium-severity vulnerabilities within 30 days.
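To show what such a per-unit indicator looks like in practice, here is an added example (not from the original article) that scores constructed vulnerability findings against the four/10/30-day deadlines above. Unit names, dates and the treatment of still-open findings (counted as "pending" until their deadline passes) are assumptions for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Remediation deadlines from the policy above, in days after detection.
SLA_DAYS = {"critical": 4, "high": 10, "medium": 30}

@dataclass(frozen=True)
class Finding:
    unit: str                          # business unit that owns the affected asset
    severity: str
    detected: date
    remediated: Optional[date] = None  # None while the finding is still open

def sla_status(f: Finding, today: date) -> str:
    """Classify one finding as 'met', 'missed' or 'pending' against its deadline."""
    deadline = f.detected + timedelta(days=SLA_DAYS[f.severity])
    if f.remediated is not None:
        return "met" if f.remediated <= deadline else "missed"
    # Still open: it only becomes a failure once the deadline has passed.
    return "pending" if today <= deadline else "missed"

def compliance_by_unit(findings, today):
    """Per-unit counts plus rate = met / (met + missed); pending findings are not scored."""
    report = {}
    for f in findings:
        if f.severity not in SLA_DAYS:  # the policy sets no deadline, so it is not scored
            continue
        counts = report.setdefault(f.unit, {"met": 0, "missed": 0, "pending": 0})
        counts[sla_status(f, today)] += 1
    for counts in report.values():
        scored = counts["met"] + counts["missed"]
        counts["rate"] = counts["met"] / scored if scored else None
    return report

def wall_of_fame(report):
    """Unit names ordered best to worst by compliance rate; unscored units come last."""
    return sorted(report, key=lambda u: (report[u]["rate"] is None, -(report[u]["rate"] or 0)))

# Constructed sample findings (hypothetical units "alpha" and "beta"; not real data).
SAMPLE = [
    Finding("alpha", "critical", date(2024, 3, 1), date(2024, 3, 4)),   # 3 days: met
    Finding("alpha", "high", date(2024, 3, 1), date(2024, 3, 15)),      # 14 days: missed
    Finding("alpha", "medium", date(2024, 3, 20)),                      # open, not yet due
    Finding("beta", "critical", date(2024, 3, 1), date(2024, 3, 5)),    # 4 days: met
    Finding("beta", "medium", date(2024, 2, 1)),                        # open, 30 days passed
    Finding("beta", "high", date(2024, 3, 10), date(2024, 3, 20)),      # 10 days: met
]
TODAY = date(2024, 4, 1)

if __name__ == "__main__":
    report = compliance_by_unit(SAMPLE, TODAY)
    for unit in wall_of_fame(report):
        c = report[unit]
        print(f"{unit}: {c['met']} met, {c['missed']} missed, {c['pending']} pending, rate={c['rate']}")
```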
Use a “Wall of Fame”
Although properly structured metrics give people the information they need to be successful, most companies require added strategies or incentives to drive action. One way to increase engagement and drive action towards a common goal is to embrace the "wall of fame" concept.
Whether delivered as a simple dashboard or as a PDF posted on the company intranet, the wall of fame gives progressive CISOs a way to show the leadership team graphically how well each group is adhering to the company security policies. With a "wall of fame," business units can take pride in their contributions towards keeping the organization secure, and CISOs can accomplish their goals.