What is the 99.999 of Cybersecurity?
In this episode of Life of a CISO, Dr. Eric Cole explains the proper standard of
This episode talks about the success metrics that IT has been using for decades, and how they conflict with the way that a successful security team has to define success.
Join Dr. Cole in learning how to set yourself and your team up for success with the proper metrics.
In this episode:
- 1:09 What is the major problem with cybersecurity?
- 3:46 If you ever are frustrated, it is caused by a lack of communication
- 4:38 Communication is a 2-way process of listening more than you speak
- 5:28 All problems are fixed by an increase in communication
- 6:48 First rule of communication: Start off with 3 questions
- 8:09 The real issue is communication around a clear objective
- 9:38 How do you determine the success of cybersecurity?
- 11:38 It’s always good to learn from others
- 14:41 IT knows 5 nines
- 15:20 Uptime availability is an understandable metric
- 16:44 History of IT
- 18:15 Chief officer
- 18:55 How do we measure expectations?
- 20:00 I don’t know of any company over $100 million that doesn’t have a CIO
- 22:50 There are companies that have a CISO that report to the executives
- 23:05 Visibility metric: number of attempted attacks
- 24:48 Executives have no idea how often they are being attacked
- 26:32 Whether you like it or not, the metric is “if we don’t have an attack, security is doing their job”
- 28:50 The goal of cybersecurity is not to prevent all attacks
- 29:00 How long does it take you to detect and respond to an attack?
- 31:05 Let data, not emotions, drive decisions