What does Cyber Security Information look like?
- New threats:
  - A leading indicator of risk... Threats are all around us, so why count them?
  - What haven't we seen before? What we don't know can hurt us.
  - Are new threats arriving faster?
  - Is the pattern normal?
- Security backlog:
  - Identify - Protect - Detect - Respond - Recover... Repeat!
  - A workload measure: how much work is there for my security operations team?
  - Is the "haystack" of events becoming overwhelming?
  - How well is the capacity of my team being utilized?
- Defense effectiveness:
  - Baling wire and duct tape... Are we treating the symptom or the cause?
  - What are the most persistent threats?
  - Are we mitigating threats and vulnerabilities efficiently?
  - Which controls work and which ones need to be retired?
Economic view of risk in IT Operations:
The FAIR (Factor Analysis of Information Risk) ontology is a good model to use.
Bringing the Model to life by:
- High Relevance
- Some Relevance
- Model Only
If the models are current, good and useful, they should be used for key risk indicators (KRIs).