Apr 13, 2017
Accepting Input Now: 2018 Cybersecurity Maturity Model, Benchmark, and Next-Generation Technologies
Like most engineers, I was a very weird kid. (I forget which science fiction writer put it perfectly: All of us who grew up to love science fiction were weird little boys, except for those of us who were weird little girls.)
I always wanted to understand how things worked, and if they worked, how to make them work better.
To put it bluntly, I was a pain about it: When I was seven years old, I remember shelling peas with my mother–and correcting her process because it wasn’t efficient. (Even after I proved my process was faster and less error-prone, that didn’t go over well. Go figure!) And then there was the mechanical typewriter I fixed, and the electric-fan-powered sled I designed…
I guess it was inevitable for me to end up with an insatiable desire to understand how technology can be made to work better, particularly in areas where there’s an acute business need. Which explains why I’m spearheading Nemertes’ research into Security and Risk Management, along with my brilliant and insightful colleague John Burke.
As most folks know, cybersecurity is undergoing intense change. As attackers ratchet up the sophistication, range, and volumes of their attacks, enterprise organizations struggle to keep up–and vendors proliferate. In such a high-stakes environment, the wrong strategy can have disastrous consequences.
In last year’s Security and Risk Management Benchmark, we created and validated an extensive security maturity model. It covers security operations and organization, along with the emerging “bellwether technologies” that characterize the most successful security organizations, and it helps all security organizations make better decisions.
In our upcoming study, we’ll enhance that model with additional security operational best practices (including processes, policies, and staffing and organizational and operational metrics) and assess bellwether technologies including:
- Behavior Threat Analytics
- Endpoint Security
- Identity Security
- IoT Security
- Risk Dashboards
- Security Automation
As part of this project, we’re also developing some cutting-edge cost models that will capture real-world total cost of operations (TCO) for some of these emerging technologies, and enable security professionals to get the biggest “bang for the buck” when it comes to deploying them.
Finally, we’ve developed a checklist of key operational metrics that we believe will enable security professionals to quantitatively validate the effectiveness of their security organizations.
As with all our research, the emphasis is on providing reliable, data-based insight that enables our clients and other infosec organizations to make more informed decisions. We’re not interested in pontificating about high-level abstractions. We aim to give our clients the insight they need to take proactive actions that anticipate emerging challenges, and “get ahead of the curve” in this rapidly changing environment.
If you’d like to get involved, give me a shout at johna at nemertes dot com, or find me on Facebook or LinkedIn.
If you’re a security professional at an enterprise, midmarket, or not-for-profit organization, you’re eligible to participate in the benchmark (and you’ll receive a copy of the Nemertes Maturity Model in exchange). If you’re a vendor of information security products or services, or a researcher in the space, I’d love to get briefed on your technology or findings.
We anticipate sharing our findings in June, so keep an eye on this spot!