One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1704939 |
| Date de publication | 2020-05-12 12:00:00 (vue: 2020-05-12 13:07:50) |
| Titre | The relationship between security maturity and business enablement |
| Texte |
A seminal report exploring the correlation between cybersecurity and positive business and security outcomes
Now more than ever organizations globally want to better understand, manage, and minimize security risks. To achieve this, security leaders should be regularly assessing their processes and programs to gain a sense of their organization’s security maturity, where gaps exist, and what can be done to improve security posture.
In March 2020, AT&T Cybersecurity and Enterprise Strategy Group (ESG) completed a benchmark survey aimed at helping organizations understand what a mature cybersecurity program looks like and how that maturity influences security and business outcomes.
Results from the 500 security professionals surveyed on their processes, policies, and controls were mapped into the NIST Cybersecurity Framework’s (CSF) five foundational cybersecurity functions: identify, protect, detect, respond, and recover.
The goal of this unique research was to validate if — and to what degree — organizations in better alignment with best practices prescribed by the NIST CSF can operate more secure environments and better enable their businesses. This was accomplished through the creation of a data-driven model that segments respondents into three levels of cybersecurity maturity:
Emerging organizations
Following organizations
Leading organizations
By comparing survey results across these levels, the model allows us to use data to quantify the differences in security and business outcomes that exist as maturity level improves.
One of the more interesting findings that came out of the research (and quite hopeful), is that cybersecurity maturity is not directly dependent on company size. One might assume only the largest organizations, with the most resources, would be able to implement a cybersecurity program sophisticated enough to achieve “leader” status. However, the research shows that the median company size is identical across all three maturity levels – “leading”, “following”, and “emerging.”
The fact that there is no correlation between company size and maturity level indicates to us that doing cybersecurity well is less a function of resources and more a function of thoughtful consideration, planning, and organizational culture. While technology and staff investments matter, the research indicates that organizations of any size can achieve a highly mature cybersecurity program.
To read these research findings, download the full report. There's also a nice infographic.
In addition to our research, AT&T Cybersecurity and ESG have developed a free self-assessment tool that enables organizations to measure their security maturity based on the survey’s benchmark data and the NIST cybersecurity framework.
Take the free maturity assessment.
 |
| Envoyé | Oui |
| Condensat | “emerging 2020 500 able accomplished achieve across addition aimed alignment all allows also any assessing assessment assume at&t based benchmark best better between business businesses came can company comparing completed consideration controls correlation creation csf culture cybersecurity data degree dependent detect developed differences directly doing done download driven emerging enable enablement enables enough enterprise environments esg ever exist exploring fact findings five following foundational framework framework’s free from full function functions: gain gaps globally goal group have helping highly hopeful how however identical identify implement improve improves indicates influences infographic interesting investments largest leaders leading less level levels like looks manage mapped march matter mature maturity maturity: measure median might minimize model more most nice nist not now one only operate organization’s organizational organizations out outcomes planning policies positive posture practices prescribed processes professionals program programs protect quantify quite read recover regularly relationship report research resources respond respondents results risks secure security segments self seminal sense should shows size sophisticated staff status strategy survey survey’s surveyed take technology than there's these thoughtful three through tool understand unique use validate want well what where would |
| Tags | Tool Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.