Alignment is critical. Take this quiz to help identify how well your security operations program is positioned with your organization’s overall business goals and objectives—and see how your cybersecurity stacks up against other organizations.
Question 1/8
A Lot. We're very aligned.
Some. We provide quarterly updates.
Not much. Cybersecurity is not a board-level initiative.
80% of companies fail to include business stakeholders in cybersecurity business decisions. Thycotic, State of Cybersecurity Metrics Annual Report 2017.
Question 2/8
Definitely. We pay competitive wages and up-level our analysts.
It's ok. We have staff, but don't invest in ongoing training.
Not really. We are reactive and short-staffed.
63% of organizations have a shortage of IT staff dedicated to cybersecurity. (ISC) Cybersecurity Workforce Study, 2018.
Question 3/8
Yes. We invest in hands-on training and conduct regular IT phishing tests.
A bit. We provide some guidance and send occasional phishing emails.
No. Our business does not have a SAT program in place.
80% of cybersecurity breaches could be prevented by enforcing fairly basic measures like educating staff. CIO UK, Why is Security Awareness Training Important?, 2018.
Question 4/8
Absolutely. Security and business alignment go hand in hand.
Sometimes. Only when a new threat or public breach arises.
Rarely. Security is an afterthought.
3 out of 4 companies worldwide are not fully satisfied with their cybersecurity metrics. Thycotic, State of Cybersecurity Metrics Annual Report 2017.
Question 5/8
We sure do. Our people, processes and technologies are connected and optimized.
Somewhat. We have a basic understanding of what is in place.
Not really. We have little visibility into the inner workings of the program.
People and process overshadow technology as predictors for SOC success or failure. Gartner, How to Plan, Design, Operate and Evolve a SOC, September 2018.
Question 6/8
Most definitely. We routinely assess our people, processes, technologies and KPIs.
Somewhat. We measure for tactical activities and tool outputs.
No. We do not actively measure.
1 in 3 companies invest in cybersecurity without any way to measure its value. Thycotic, State of Cybersecurity Metrics Annual Report 2017.
Question 7/8
0-50
51-100
101+
A typical enterprise averages 75 security tools.* However, the larger the number of vendors in a security stack, the larger the threat surface.** *CSO Online, March 2016. **Cisco Cybersecurity Report, 2018.
Question 8/8
Very. We use tools designed for continuous learning and improvement.
Somewhat. We want to, but haven't implemented many yet.
Not really. We don't use adaptive technologies and don't plan to in the near future.
Congratulations! You are clearly leading the pack. Your security operations program is well positioned with your organization’s overall business goals and objectives. And when it comes to operational maturity, you are at the Adaptive end of the spectrum—which is right where you want to be.
Continue to be proactive by implementing integration across all security domains, people, processes and technologies to identify new and unforeseen threats.
Make automation a priority by leveraging always-on and always-learning technologies that adapt to new threats and unlock future capabilities and insights.
Increase resilience by applying comprehensive detection, response and platform management to reduce operational overhead and increase efficiency across the overall framework.