Security Incidents, Events, And Breaches Essay
The Calm Before the Storm: Pre-Incident
Most organizations are fortunately in a pre-incident state, but Boards still seek confidence from the CISO that they are prepared for the eventuality of one unfolding. Providing your Board with details about your capabilities should focus less on what types of detection tools you have and more on what percentage of network visibility your security operations team has. If you have been implementing additional tools and increasing your team’s ability to identify incidents, you may even be identifying more incidents than before. Assure your Board that this is a good thing, because you are seeing what went previously undetected. Reporting on your time to triage and time to remediate is a stronger indicator than the misleading metric of decreasing numbers of incidents in the first place.
Both during Board meetings and out-of-cycle, Board members will often ask about recent newsworthy breaches and whether they could be replicated in…