Noted business management author Peter Drucker famously said, “What’s measured is improved.” When applied to the world of security, meaningful security metrics can literally transform an organization and solve real business problems. At Cisco, Unified Security Metrics (USM) combines multiple sources of data to create higher-value actionable business metrics and decision-making capabilities to protect the company’s data, business processes, operational integrity, and brand from security threats.
Hessel Heerebout, Program Manager for Cisco’s award-winning USM program, will give an overview entitled “Cisco Unified Security Metrics: Measuring Your Organization’s Security Health” (Session ID #SEC-W05) at RSA Singapore on July 23. Read More »
Tags: information security, metrics, security, Unified Security Metrics, unified security metrics program
Editor’s Note: This is the final installment of a four-part series featuring an in-depth overview of InfoSec’s (Information Security) Unified Security Metrics Program (USM). In this blog entry, we discuss some of the lessons learned during the program’s first year.
Winter weather in the North Atlantic Ocean can be precarious at best. Anyone recall the ill-fated journey of the RMS Titanic? Icebergs pose significant risk because only 10 percent can be seen above the surface, while more than 90 percent remain hidden below. Similarly, metrics and numbers on a chart represent only the tip of an iceberg. Rich, meaningful, and actionable data exists below the surface and, when leveraged successfully, can drive great results and outcomes. During the past year, the USM program has embarked on some new, uncharted waters. The journey hasn’t always been easy, but we’ve learned some valuable lessons along the way.
Read More »
Tags: infosec, Partner Security Architects, security, Security Knowledge Empowerment, Service Security Primes, SKE, unified security metrics program, usm
Editor’s Note: This is the third part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program (USM). In this installment, we discuss the effectiveness of the USM program at Cisco.
Information security is all about risk reduction, and risks are notoriously difficult to measure -- ask any insurance salesman or actuary. So how do we handle this conundrum for a security metrics program that hasn’t even reached its second anniversary yet?
Peter Drucker, noted business management author, once said, “Efficiency is doing the thing right. Effectiveness is doing the right thing.” Even at this early stage of the USM program, we can see four clear indicators demonstrating we’re doing the right things to improve Cisco’s security posture across the IT organization and Cisco. They include the creation of newly defined partnerships, leveraging existing IT risk management frameworks, developing well-defined feedback mechanisms, and gaining increased support and visibility at the CIO level.
Read More »
Tags: information security, infosec, metrics, security, unified security metrics program, usm