Cybersecurity Metrics

Рет қаралды 2,459

Күн бұрын

Пікірлер: 20

@yanguerif7131 15 күн бұрын

Amazing content Eric! Really helping me in my day job as a csm of a cyber company. One advice if I can help, you are talking from your throat, try to talk from your stomach to not damage your voice. We need your amazing value :). Take care!

@aris.untung Ай бұрын

i Loved this topics, Thank you dr Eric. ❤

@fmj_556 4 ай бұрын

I'm planning on going into GRC field so this information is all new to me. Thanks for making this video!

@saifcan 4 ай бұрын

Authority + Responsiblity !

@kdeaze05 4 ай бұрын

Great insight Dr.E!

@gregsurber2813 3 ай бұрын

A metric of "attempted attacks" could be a good base metric to showcase the risk the organization faces. But how do you measure that? What tools and/or techniques can accurately capture that information in a usable fashion? And how do you define "attempted attack"? Is a scan of your address space an attempted attack? Is a phishing email?

@yoyoyuyu234476 3 ай бұрын

how do you measure attempedted attacks? Firewall drops, phishing blocks,?

@charlievanhorn 4 ай бұрын

I’m curious how you’re measuring the number of attacks on an interval and how you would derive that?

@XPandXP 4 ай бұрын

Several approaches can be used to estimate the number of cyberattacks: Incident Response Data: Analyzing incident response reports and security logs can provide insights into detected attacks. However, it's important to remember that this only captures a portion of the total attacks. Threat Intelligence: Leveraging threat intelligence feeds can help identify trends, emerging threats, and potential attack vectors. While this doesn't provide a direct count, it can offer valuable context. Industry Surveys and Reports: Industry surveys and reports often provide estimates of cyberattack frequency based on responses from organizations of various sizes and sectors. Data Breach Notifications: While not a direct measure of all attacks, data breach notifications can provide a glimpse into the number of successful attacks that result in significant consequences. It's important to note that these methods provide estimates rather than precise counts. The actual number of cyberattacks is likely much higher due to the factors mentioned above. Additionally, it's crucial to consider the context of these measurements. For example, an increase in detected attacks might not necessarily indicate a rise in overall cybercrime but could simply reflect improved detection capabilities.

@DMR0407 4 ай бұрын

Eric, I agree with you and have used this metric in the past, but I am curious how you define an incident. Your suggestion of 3,000 to 4,000 seems very low.

@tomkelly6070 4 ай бұрын

Ideally the group responsible for MEASURING success through assessments and answering questions such as how many attempted and successful cyber attacks or what is the IT availability should be a separate group from the group accountable for resolving outages, introducing technology or mitigating information security breaches. Organizations should be structured so that CIA (confidentiality, availability and integrity) are owned by any manager (CIO, business units) who has the authority to implement or manage information technology or services.

@saifcan 4 ай бұрын

Yes .. agreed!

@saifcan 4 ай бұрын

That just makes sense ..

@saifcan 4 ай бұрын

Honey+lemon+ginger tea ... hack for cough ;)