19 Tweets 33 reads Oct 19, 2022
Live from #GartnerSYM | Treat #Cybersecurity as a Business Decision with Gartner Distinguished VP Analyst Paul Proctor. Follow along for key takeaways👇🧵
"To figure out what the right amount of #security is, you must ask yourself:
- How much security do you want?
- How much do you want to spend?"
#GartnerSYM #Cybersecurity
We have to master 3 languages and 3 cultures. #GartnerSYM #Cybersecurity #Security
"Most investment is made based on the existence of a tool or a capability. Very little is based on the protection delivered." #GartnerSYM #Cybersecurity #Security
"73% of the questions in the CSF audit standard relate to the existence of controls, not their performance." #GartnerSYM #Cybersecurity #Security
"We need to shift our focus to measuring, reporting and investing in #security outcomes." #GartnerSYM
"How many days does it take us to patch our systems?" #GartnerSYM #Cybersecurity
"Ask your CEO how many days they would like their system available for hack? I'll bet zero." #GartnerSYM #Cybersecurity #Security
"What happens if you get hacked after 30 days? You've 'failed.' Protection level agreements are concrete, measurable and enforceable assertions of risk appetite." #GartnerSYM #Cybersecurity #Security
How to govern patching cadence. #GartnerSYM #Cybersecurity #Security
"Stop selling your executives tools. Start selling them better outcomes! Tell them you’re going from 30-day patching to 15-day patching." #GartnerSYM #Cybersecurity #Security
Align outcome-driven metrics (ODM) to business outcomes.
1. Discover and identify variable levels of protection.
2. Choose and invest in variable levels of protection.
ODM benefit: Understand the business impact of increasing or decreasing #cybersecurity spend.
#GartnerSYM
When it comes to spend, your business has 3 choices. "You must create a credible and defensible reflection of costs to support good decision making." #GartnerSYM #Cybersecurity #Security
How to establish ODMs to govern your program. #GartnerSYM #Cybersecurity #Security
"Ultimately, your business asks themselves: How much #security do they want? and How much do they want to spend?" #GartnerSYM #Cybersecurity
Leverage the Gartner #Cybersecurity Business Value Benchmark. #GartnerSYM
What are the average days to patch? #GartnerSYM #Cybersecurity
Make sure to use a risk, value and cost view for context. #GartnerSYM #Cybersecurity #Security
"Don't forget, the right business outcomes come from the right investments and the right priorities."
Download the Gartner Cybersecurity Value Benchmark. #GartnerSYM #CISO #CIO
