Data-Driven Cybersecurity

foreword


Throughout the three decades of my involvement in the world of cybersecurity, one area in which I have seen consistent underperformance, even by otherwise mature and extremely competent organizations, has been in the realm of establishing, utilizing, and interpreting key performance indicators (KPIs) for the management of cyber risk.

Unlike the many areas of business that sport obvious sets of metrics offering easy-to-understand, actionable intelligence—and where modern professionals can learn from numerous decades of others’ experience generating and acting on highly meaningful measurements—the world of cybersecurity is not only relatively young and quickly changing, but also one in which the most significant events that demand the greatest attention and should factor most heavily into KPI measurements are often invisible to those responsible for measuring them.

Cybersecurity professionals cannot simply measure the number of breaches, or the financial or operational outcomes thereof; cybersecurity KPIs must capture unseen risks, evolving threats, and preventative actions—many of which have results that are not only intangible in the short term, but also impossible to correlate to their original investments of time, money, and effort. How does one capture the fact, for example, that a particular investment within a cybersecurity program motivated an attacker to pursue a different target than originally conceived?