11 Measuring Performance and Effectiveness

How do we know if the cybersecurity strategy we’ve employed is working as planned? How do we know if the CISO and the security team are being effective? This chapter will focus on measuring the effectiveness of cybersecurity strategies.

Throughout this chapter, we’ll cover the following topics:

Using vulnerability management data
Measuring the performance and efficacy of cybersecurity strategies
Examining an Attack-Centric Cybersecurity Strategy as an example
Using intrusion reconstruction results
Leveraging MITRE ATT&CK^®

Let’s begin this chapter with a question. Why do CISOs need to measure anything?

Introduction

There are many reasons why cybersecurity teams need to measure things. Compliance with ...

Get Cybersecurity Threats, Malware Trends, and Strategies - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Cybersecurity Threats, Malware Trends, and Strategies - Second Edition by Tim Rains

11

Measuring Performance and Effectiveness

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly