While cyber security programs have become a critical part of most organizations' risk management frameworks, executive teams still have work to do before they manage these programs in the same way as their other organizational priorities.
It is still very common for CEOs and COOs to leave the direction and management of their cyber security programs to their IT teams, with very little visibility into program activities and performance. At Castellan, we recommend that organizations implement a cyber security program reporting and measurement process to provide this visibility.
Below are five considerations to help organizations get started:
1. Implement an approach that aligns with performance reporting for your other priority programs, such as Finance, HR, PMO, and critical business operations.
2. Develop performance objectives and targets for your cyber security program.
3. Identify the key performance indicators (KPIs) that will be used to measure progress towards those objectives.
4. Identify the key program activities to be reported. These could include the number of vulnerability scans conducted, the number of staff trained, patch management activity, details of open vulnerabilities, firewall rule changes, security incidents detected and blocked, penetration testing activity, etc.
5. Set up a consistent, uniform reporting cadence to the executive team covering program activities and their results.
For more information regarding how Castellan can help you build your security program or validate if your current program is operating effectively, please contact us.