A SANS 2021 Report: Making Visibility Definable and Measurable

A growing number of boards of directors recognize the strong correlation between cybersecurity and business health, and they expect security managers to define strategies and recommend investments in robust cybersecurity processes and controls. 

Board members now demand dynamic, real-time, unified data and visualizations for business-critical security metrics. Such security metrics are essential for the board and executive management to evaluate business governance and risk-management performance so they can make strategic decisions.

Visibility is also key. Organizations need to establish a visibility strategy that complements their security profile to properly assess where they should direct resources for future improvement.

To achieve this, organizations must take an interdisciplinary approach, as SANS did in Making Visibility Definable and Measurable. We sought insight from key individuals within SANS, including curriculum leads, instructors, and analysts. A common theme emerged: Good visibility encompasses the triad of people, processes, and technology. It requires communication across differing organizational aims—and a balancing act between management and technical goals, as well as business and security objectives.

Our report focuses on what you need to get there—allowing stakeholders to build an in-depth picture of organizational security without sacrificing the elements most important to their role.