Hear from Dallas Silcock, Security Operations Centre Manager at AC3, as he discusses five simple steps to get you started with optimising your cyber security investment.
Hear from Dallas Silcock, Security Operations Centre Manager at AC3, as he discusses five simple steps to get you started with optimising your cyber security investment.
Transcript
"Hi, my name is Dallas Silcock.
I'm the Security Operations Centre Manager here at AC3.
Organisations wanting to accurately evaluate effectiveness of their current cyber security investment can do so following these five steps.
First, determine your goals.
Define what you want to achieve from the very start, and how do they relate to your business goals and security objectives?
Second, metrics measurement.
How do you intend to measure resources such as budget, staff, and tools versus the results measurement of their security outputs, such as incidents, vulnerabilities, and patching.
Three, choose a framework.
Select a framework that helps you align to success, such as the Essential Eight Security framework, which is extensive and detailed, or other frameworks, including NIST Cyber Security Framework, ISO27000 series, COBIT Framework, or even Balanced Scorecard.
Four, collection and data analysis.
Collect your data using surveys, audits, log, reports, dashboards, and benchmarks.
Then use various analysis tools and techniques to analyse your data, such as statistics, trends, ratios, comparisons, and visualisations.
The key is to ensure that your data is relevant, reliable, accurate, and timely Finally, reporting and improvement.
The final step is to report and improve your results based on your data analysis.
Use whatever medium is effective to report on your current effectiveness such as presentations, documents, newsletters, and webinars.
You can also use different strategies and actions to improve your results such as feedback, recommendations, action plans, and follow ups.
But the main goal is to ensure that your results are clear, concise, and actionable."
