Lucy Caiger, Delivery Lead, Panaseer
I have been at the forefront of many customer installations. It’s been interesting to get insight into the different organisational drivers behind why they chose to install our Cyber Security Risk Intelligence platform, as well as to witness their evolution as that insight changes how they address their cyber security strategy.
Our customers, as you would expect, have varying environments and security scenarios. I personally work with organisations using NIST and CIS frameworks to build in structure and process. But fundamentally the goal is usually the same: they need to automate insight into the true state of their cyber security so that they have the visibility to make informed, proactive decisions about how to reduce their security risk and manage limited budgets and bandwidth. I often think about this as I’m helping them build an automated dashboard against their NIST or CIS framework.
Having this broad exposure, I’ve seen a lot of great examples of what to do and, unfortunately, also some of what we like to call in Customer Success “more challenging scenarios”. They do, however, all have a few things in common.
Whatever tools or technology you are using to achieve this, I hope these lessons will be relevant for you too.
Collaborate: IT and Security must work together to enable the greatest change
Without a doubt, the best results come from organisations that collaborate and work together. By collating data across multiple tools you create a ‘single source of truth’. When teams across the business report from the same data, metrics and dashboards, discussions become much more efficient and effective because everyone starts from the same place. In particular, remediation planning and tracking becomes far more effective and transparent across teams.
Validate data to enable trust
If the consumers of your reports don’t trust the data you’re presenting them with, you’ve failed. To build trust in your data you need to engage with the right stakeholders from the start. This includes:
· Data owners, to validate the source data you are ingesting: ensuring the baseline you start with reflects the data in the golden source system (the agreed system of record, typically the CMDB or asset register).
· Security managers, to apply the relevant business logic, exceptions and exclusions to the data so that your measurements and reports are meaningful to your consumers and action can be taken directly from them.
If you have stakeholders that seem initially wary, continue to work with them and they will quickly see the benefit they get from this approach: reduction of manual tasks and improved insight across their suite of security tools.
Provide insight for different levels of stakeholder
When investigating a metric or indicator of risk, the first thing an analyst will ask for is the raw data that contributed to that measurement. They must be able to drill down quickly to the low-level data, both to build trust in the number and to act on it. And you’d be surprised how often it is the CISOs themselves who dig down into the low-level detail once it’s available at their fingertips!
Make reporting relevant and actionable
To have the greatest impact, responsibility for remediation action must be assigned directly to someone. By reporting against lines of business or regions you make the head of that area responsible for making improvements and demonstrating progress. This becomes particularly evident when the measurements are tracked at board level: no one wants their name against a red square in a heatmap or a red dot in a board-level RAG status report…
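The three lessons above (validating tool data against the golden source, applying security-manager exceptions, and reporting per business unit with RAG status and drill-down to raw rows) can be shown end to end in a small script. The following is an added example written for this article; it is not Panaseer’s platform code or any customer’s configuration. The golden-source records, the EDR export, the exception list, the hostnames, and the RAG thresholds are all constructed assumptions.

```python
"""Added example: reconcile an EDR agent export against a golden-source asset
list, apply time-limited exceptions, and report agent coverage per business
unit (or region) with RAG status and the raw uncovered hosts for drill-down.

Illustrative code for this article, not a product's implementation. Every
record, hostname and threshold below is constructed sample data."""
from datetime import date

# Reporting date; exceptions are judged against this (assumption).
AS_OF = date(2024, 6, 1)

# Golden source (e.g. CMDB export): the baseline the data owner signs off on.
GOLDEN_SOURCE = [
    {"host": "web-01", "bu": "Retail", "region": "EMEA"},
    {"host": "web-02", "bu": "Retail", "region": "EMEA"},
    {"host": "web-03", "bu": "Retail", "region": "EMEA"},
    {"host": "web-04", "bu": "Retail", "region": "EMEA"},
    {"host": "db-01", "bu": "Retail", "region": "EMEA"},
    {"host": "app-01", "bu": "Payments", "region": "APAC"},
    {"host": "app-02", "bu": "Payments", "region": "APAC"},
    {"host": "kiosk-07", "bu": "Payments", "region": "APAC"},
    {"host": "hr-01", "bu": "Corporate", "region": "EMEA"},
]

# Agent inventory as exported from an EDR console (constructed). Note the
# mixed-case hostname and a lab box the golden source has never heard of.
EDR_EXPORT = [
    {"hostname": "WEB-01", "agent": "healthy"},
    {"hostname": "web-02", "agent": "healthy"},
    {"hostname": "web-03", "agent": "healthy"},
    {"hostname": "web-04", "agent": "healthy"},
    {"hostname": "app-01", "agent": "healthy"},
    {"hostname": "hr-01", "agent": "healthy"},
    {"hostname": "lab-99", "agent": "healthy"},
]

# Security-manager approved exclusions. Each carries an expiry so a stale
# exception stops suppressing a gap instead of hiding it forever.
EXCEPTIONS = [
    {"host": "kiosk-07", "reason": "vendor appliance, no agent", "expires": date(2030, 1, 1)},
    {"host": "db-01", "reason": "decommissioning", "expires": date(2020, 1, 1)},  # expired
]

# Thresholds are an assumption; agree them with the stakeholders who own the metric.
RAG_THRESHOLDS = ((95.0, "GREEN"), (80.0, "AMBER"), (0.0, "RED"))


def normalise(host):
    """Hostnames arrive in different cases and with stray whitespace across tools."""
    return host.strip().lower()


def validate_against_golden_source(golden, tool_rows):
    """Return (hosts the tool knows but the golden source does not,
    golden-source hosts the tool does not report). Both lists go back to
    the data owner before any metric built on this feed is trusted."""
    golden_hosts = {normalise(r["host"]) for r in golden}
    tool_hosts = {normalise(r["hostname"]) for r in tool_rows}
    return sorted(tool_hosts - golden_hosts), sorted(golden_hosts - tool_hosts)


def active_exceptions(exceptions, today):
    """Only unexpired exceptions remove a host from scope."""
    return {normalise(e["host"]) for e in exceptions if e["expires"] > today}


def rag(pct):
    for threshold, colour in RAG_THRESHOLDS:
        if pct >= threshold:
            return colour


def coverage_by(group_key, golden, tool_rows, exceptions, today):
    """Coverage per business unit or region. The raw uncovered assets are
    kept next to the percentage so an analyst (or CISO) can drill down."""
    covered = {normalise(r["hostname"]) for r in tool_rows if r["agent"] == "healthy"}
    excluded = active_exceptions(exceptions, today)
    report = {}
    for asset in golden:
        host = normalise(asset["host"])
        if host in excluded:
            continue
        entry = report.setdefault(asset[group_key], {"in_scope": 0, "covered": 0, "uncovered": []})
        entry["in_scope"] += 1
        if host in covered:
            entry["covered"] += 1
        else:
            entry["uncovered"].append(asset)
    for entry in report.values():
        pct = 100.0 * entry["covered"] / entry["in_scope"] if entry["in_scope"] else 100.0
        entry["coverage_pct"] = round(pct, 1)
        entry["rag"] = rag(pct)
    return report


if __name__ == "__main__":
    unknown, missing = validate_against_golden_source(GOLDEN_SOURCE, EDR_EXPORT)
    print("Tool-only hosts (check with data owner):", unknown)
    print("Golden-source hosts absent from tool:", missing)
    for bu, entry in coverage_by("bu", GOLDEN_SOURCE, EDR_EXPORT, EXCEPTIONS, AS_OF).items():
        print(f"{bu}: {entry['coverage_pct']}% {entry['rag']} uncovered={[a['host'] for a in entry['uncovered']]}")
```

Run as-is, `db-01` shows up as an uncovered Retail host because its exception has expired, which drops Retail from green to amber; that is the behaviour you want, since an exception that silently outlives its justification is exactly the kind of thing that destroys trust in a report. Swapping `"bu"` for `"region"` in the `coverage_by` call gives the same numbers cut by region for a board-level heatmap.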
Once you start approaching the problem in this way you’ll start to find many advocates
When you start moving towards a data-driven, automated approach to collating data and providing detailed insight across the business, you’ll find that, as awareness increases, you gather more friends right across the organisation. I’ve already mentioned IT and Security, but an approach like this also becomes very powerful for Risk and Audit teams. If anyone from an audit team is reading, imagine being able to feed data directly into your reports rather than doing the leg work and collation across many different tools, sources, business areas and regions.