So you think you've assessed your applications, scanned them, patched them and reduced your vulnerabilities, but how do you know if these actions have actually improved your organizational risk profile?
In the 2015 SANS survey on application security, only 31% of respondents felt their IT security spending was adequate, while 47% of those able to assess their environments felt their programs needed improvement.
Do you measure improvement by number of breaches? Can you prove reduction in attack surface? Did you improve compliance posture and if so by how much? What benchmarks does management actually care about?
In this webcast, SANS instructor and application expert Jim Bird will introduce his metrics pyramid covering technical, operational and executive level benchmark requirements and resources.
Attend this webcast and be among the first to receive the associated whitepaper written by SANS Instructor Jim Bird.