Metrics That Work: Practical Cyber-Security Risk Measurements

Jun 09, 2014


There are a few ways IT can make effective use of threat intelligence in security programs. Tactically, direct incorporation of threat intelligence can be done with SIEM systems or other detective controls; it can be merged with risk assessment ­efforts, through either asset repositories or GRC tools; and from a process ­standpoint, it can be ­incorporated into incident response activities.

From a broader, more strategic approach, IT can incorporate threat intelligence ­information into metrics initiatives to contextualize data points that you collect about your internal control environment. Of course, a prerequisite is that you're collecting ­metrics that are useful and relevant. In situations where metrics are not yet where you’d like them to be, one strategy is to proceed with tactical integration while refining those internal metrics to pave the way. 

In this report, we'll describe ways to transform numerous disparate data points into a practical picture. By integrating information from inside the organization (such as ­incident and SIEM data) with external threat information, you can understand the changing risk landscape tactically/operationally and create tailored risk metrics that make contextual sense within their business environment. This allows the organization to understand the most critical threats and prioritize responses to them. 

Because after all, risk measurement on a broad basis is useful, but measuring your ­organization's specific risk? Priceless. (S7800614)


Research Report