What to measure in order to secure the enterprise

Occasionally, I get to hear other sessions at HP Discover just like HP’s customers. So on Monday, I went to a session titled “Security operations: Maturity, effectiveness, and ROI” by HP’s ArcSight team. Now I have gotten to touch security before in my career. A while back I had been brought into a company called iSpheres by the CEO and board to look at getting them into a new business. One of the areas we looked at for the company’s technology was security, because the president of iSpheres came out of security and saw the need for a higher-level security product. As we evaluated the opportunity, everyone said not to go there because there was a startup that had already figured this out. The company’s name was ArcSight.


In this presentation, I was looking for higher-level processes and KPIs that our Executive Scorecard should be measuring. Was there something we were possibly missing when it came to security? After a few minutes, I felt very comfortable with what we already do. Clearly, there are unique things that the ArcSight SIEM solution does, but from a tooling perspective, the security stack reminded me of what we do in our operations stack at HP. And just as in operations, when something goes wrong or requires action, an incident is created within the service management tool. I knew from my experience at iSpheres that security starts with log management.


But what was new for me was that security is now adopting the CMMI maturity model in order to drive what the speaker called “Security-Ops best practices.” So security is drawing on standards like COBIT 5, where the key to successful security processes is making them documented and then repeatable. This means that security today is all about people, process, and technology. For those of us from the ITIL world, this should sound very familiar. In fact, ArcSight has put together a 150-question maturity assessment tool that looks at maturity across people, process, and technology.


At the same time, it was suggested that security needs to be top down, or you inundate management with events and force reactive rather than proactive security. Just as in operations, there are too many events if you do not correlate them and then relate them to the needs of senior leaders. But probably the most important thing I learned was that proactive security requires automation.


This is how Executive Scorecard can be used in conjunction with security solutions like ArcSight. Executive Scorecard already pulls from the automation and operations stack. With it, you can answer many business and IT questions. Do I have policies? Can I lock down the server, storage, and network configuration? Is my data sent in encrypted form? How long does it take to bring things back into compliance? CISOs clearly need the blocking and tackling of looking at logs, perimeter and network defenses, compliance, threat assessment, and critical transaction monitoring, but they also need to know whether the operational controls are in place for proactive security. They also need incident harvesting to know where they have success and where they have failure. This is where a security strategy that uses performance management tools like Executive Scorecard can help organizations measure, manage, and improve.


Solution page: IT Performance Management

Twitter: @MylesSuer

Comments
hyperbola equation(anon) | ‎12-21-2012 10:21 PM

At the same time, it offers the security needs to be above or below you and scrub with a reactive versus proactive security event management was emphasized. Only a people, many of them after the event if you do not need senior leaders to have their say. But perhaps the most important thing I learned was the need for proactive security automation.

About the Author
Mr. Suer is a senior manager for IT Performance Management. Prior to this role, Mr. Suer headed IT Performance Management Analytics Product ...