Nathan Wenzler, Senior Director of Cybersecurity, Moss Adams
Measuring the effectiveness of a security program can be a challenge for most organizations. After all, when you do everything right, nothing happens. No email outages, no denial of services impacts and no data breaches. Measuring nothing doesn’t really tell you much, and it certainly doesn’t give you insight into where you’re still vulnerable and could be attacked by a malicious actor. Vulnerability Management (VM) tools have been a mainstay tool for any security program, and they generate a wealth of information about what assets are most at risk from outside threats, but the information isn’t always put to best use by most organizations.
In this session, we’ll look at the common metrics mistakes most organizations make with their VM efforts, as well as more relevant and actionable metrics that will help you get a better understanding of your security posture against today’s threat landscape.
· Learn how vulnerability information is critical to boosting good threat intelligence against common attack chains
· Identify metrics that are commonly used by nearly every organization, but don’t deliver any real value to your organization
· Discover ways to frame vulnerability data into meaningful, actionable metrics that give a more true sense of the risks to your assets
· Understand ways to improve your VM program to build more relevance into your threat intelligence efforts