One of the issues that has plagued security since the dawn of the information age is that it gets no respect. Businesses recognize that security is necessary, but for many it’s considered a necessary evil, and it’s perceived as a road block that gets in the way.
The problem facing CISOs is that they are in charge of a segment of the company devoted to ensuring the company doesn’t lose money, while most business units are dedicated to generating revenue. It’s hard to quantify how much money the company saved by not having to manage the security incidents that didn’t happen–it’s hard to prove a negative. The irony of security is that the better it works, the less it seems necessary.
To be taken seriously in the boardroom, the CISO needs to speak the same language as other executives, and play by the same rules. That’s where a product like nCircle Benchmark comes in. nCircle–which is currently in the midst of being acquired by Tripwire–commissioned Bradley Strategy Group to take a closer look at Benchmark and write a white paper on the service.
Businesses–good ones at least–don’t make decisions by throwing darts at the wall. They like to have metrics, and real-world data to make informed decisions. nCircle Benchmark arms CISOs with relevant facts and data, including comparing the security posture of the company against a baseline of what other similar companies are doing, so security initiatives can be aligned with business objectives, and justified with actual metrics.
Download and read the white paper from the nCircle Benchmark site: Security Metrics Supporting Business Initiatives