Current Market to Measure Infosec

  • What products and services are currently available on the market that report on information security?
  • How do they measure cyber security effectiveness?
  • What are their strengths and weaknesses?

Existing Metrics

  • What are the current ways companies measure InfoSec, e.g. pen tests, audits, etc.?
  • How are these metrics effective in helping the business?

Network Tools

  • What open source and free vulnerability scanning tools and data sources can we use to further inform our cyber score?

Simple Measurable Tools

  • What products and services are currently available on the market and in open source?

Compliance and Establish

  • How effective will our cyber score be in reporting compliance with legislation and standards that have a bearing on information security?
  • Who are the key partners to engage to establish our cyber score as the default in industry?

Research & Development

The real measure of information security effectiveness has always been difficult to compute in simple terms. SIEM solutions, vulnerability scanners, information security audits and even pen tests are still largely unable to help the board fully justify a measurable return on investment on security (mRoI). This is due to most security metrics being complex to understand in relation to a company’s business objectives and mission.

Just like marketing metrics and sales targets, information security metrics must be simple to understand at all levels of the business, as well as being actionable so they can enable the business to grow securely and efficiently.

We believe that taking security measurements from a wide variety of sources encompassing the full spectrum of people, processes and technology involved will give us a holistic and business-centric view of information security. We can then work to simplify these metrics to create a standard at which security effectiveness is measured and reported.

This project is therefore about creating a cyber score that will help inform a company’s level of compliance to security legislation as well as help drive information security improvement.

We would love to speak to you, hear any ideas you may have, and explore how we can work together to build this project into a de facto standard for showing a cyber score.