What is the 99.999 of Cybersecurity?

In this episode of Life of a CISO, Dr. Eric Cole explains the proper standard of 

This episode covers the success metrics that IT has used for decades and how they conflict with the way a successful security team has to define success.

Join Dr. Cole in learning how to set yourself and your team up for success with the proper metrics. 

In this episode:

  • 1:09 What is the major problem with cybersecurity?
  • 3:46 If you are ever frustrated, it is caused by a lack of communication
  • 4:38 Communication is a 2-way process of listening more than you speak
  • 5:28 All problems are fixed by an increase in communication
  • 6:48 First rule of communication: Start off with 3 questions
  • 8:09 The real issue is communication around a clear objective
  • 9:38 How do you determine the success of cybersecurity?
  • 11:38 It’s always good to learn from others
  • 14:41 IT knows 5 nines
  • 15:20 Uptime availability is an understandable metric
  • 16:44 History of IT
  • 18:15 Chief officer
  • 18:55 How do we measure expectations?
  • 20:00 I don’t know of any company over $100 million that doesn’t have a CIO
  • 22:50 There are companies that have a CISO that reports to the executives
  • 23:05 Visibility metric: number of attempted attacks
  • 24:48 Executives have no idea how often they are being attacked
  • 26:32 Whether you like it or not, the metric is “if we don’t have an attack, security is doing their job”
  • 28:50 The goal of cybersecurity is not to prevent all attacks
  • 29:00 How long does it take you to detect and respond to an attack?
  • 31:05 Let data, not emotions, drive decisions