Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 28 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Musings Of A Cyber Customer Success Manager.

by The Gurus
December 5, 2018
in Opinions & Analysis
Share on FacebookShare on Twitter

Lucy Caiger, Delivery Lead, Panaseer

I have been at the forefront of many customer installations. It’s been interesting to get the insight into different organisational drivers behind why they chose to install our Cyber Security Risk Intelligence platform as well as witness their evolution as the insight changes how they start to address their cyber security strategy.

Our customers, as you would expect, have varying environments and security scenarios. I personally work with organisations using NIST and CIS frameworks to build in structure and process. But fundamentally the goal is usually the same. They need to automate insight into the true state of their cyber security so that they have the visibility and insight to make informed proactive decisions about how to reduce their security risk and manage the limited budgets and bandwidth. I often think about this as I’m helping them build an automated dashboard into their NIST or CIS framework.

Having this broad exposure, I’ve seen a lot of great examples of what to do and unfortunately also some, as we like to say in Customer Success, more challenging scenarios. They do all however have a few things in common.

Whatever tools or technology you are using to achieve this, I hope these lessons will be relevant for you too.

Collaborate: IT and Security must work together to enable the greatest change

Without a doubt, the best results come from organisations that collaborate and work together. By collating data across multiple tools you enable a ‘single source of the truth’. When teams across the business report from the same data, metrics and dashboards you will find that discussions become much more efficient and effective, with everyone starting from the same place. In particular, remediation planning and tracking becomes much more effective and transparent across the teams.

Validate data to enable trust

If the consumers of your reports don’t trust the data you’re presenting them with, you’ve failed. To build trust in your data you need to make sure you are engaging with the right stakeholders from the start. This includes:
· Data owners to validate the source data you are ingesting: ensuring the baseline of data you are starting with reflects the data from the golden source system.
· Security managers to apply the relevant business logic, exceptions and exclusions to the data so that your measurements and reports are meaningful to your consumers, enabling action directly from your reports.

If you have stakeholders that seem initially wary, continue to work with them and they will quickly see the benefit they get from this approach: reduction of manual tasks and improved insight across their suite of security tools.

Provide insight for different levels of stakeholder

When investigating a metric or indicator of risk, the first things an analyst will ask is to see the raw data that has contributed to that measurement. They must be able to quickly drill down to the low level data to build trust and enable action. And you’d be surprised at how likely it is that CISOs themselves are the ones digging down into the low level detail when it’s available at their fingertips!

Make reporting relevant and actionable

In order to enable the greatest impact, the responsibility for remediation action must be assigned to someone directly. By reporting against lines of the business or regions you are making that area head responsible for making improvements and demonstrating progress. This becomes particularly evident when the measurements are being tracked at board level – no one wants their name against a red square in a heatmap or a red dot in a board level RAG status report…

Once you start approaching the problem in this way you’ll start to find many advocates

When you start moving towards a data driven automated approach to collating data & providing detailed insight across the business – as awareness increases, you’ll find you start to gather more friends right across the organisation. I’ve already mentioned IT and Security, but an approach like this also becomes very powerful for Risk and Audit teams. If there’s anyone from audit teams reading, imagine being able to feed data directly into your reports rather than having to do the leg work and collation across many different tools, sources, business areas and regions.

[tpr-boilerplate company=’null’]

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Businesses Are Future-Proofing Security Controls As Regulation Deadline Approaches.

Next Post

Half Of Europeans Unaware What Their (Stolen) Personal Data Is Worth.

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information