Government entities struggle not just to measure the effectiveness of their cybersecurity controls, but also to determine how their metrics align with the agency's unique mission. Matt Alderman and John Chirhart of Tenable Network Security offer advice.
Part of the challenge is being able to identify the right metrics, says Alderman, Tenable's VP of Strategy. "One of the big challenges most organizations have is - based on the business or mission objectives - what are the appropriate metrics I should be measuring, and therefore how does that equate into my security program?"
Another issue is that too often leaders are seeking a single dashboard to compare metrics among organizations or agencies - but no two missions are exactly alike, so the comparison is pointless, says Chirhart, Technical Director - Federal.
"Everybody tries to force-feed security into a single pane of glass, and that's not realistic," Chirhart says. "Without understanding the mission, there's no real way to truly quantify security."
In an interview about metrics and mission, Alderman and Chirhart discuss:
- Why organizations struggle to measure cybersecurity;
- The right metrics to use;
- How to align those metrics with the mission.
At Tenable Network Security, Alderman is responsible for developing strategies to enter new markets, develop new products and improve existing products to meet the emerging needs of customers and partners across the enterprise. He works closely with the Chief Technology Officer and Chief Product Officer to define, refine and expand Tenable's vision.
As Tenable's Federal Technical Director, Chirhart is responsible for developing product capabilities and solutions for Tenable's U.S. Federal customers. An information security and compliance veteran, he has 13-plus years of experience designing and implementing IT solutions in direct support of Federal Civilian, Defense and Intelligence agencies in classified settings.